Holders array can be manipulated by transferring or burning with amount 0, stealing rewards or bricking certain functions

Unauthorized Access to setCurves Function

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

The price of rsEHT could be manipulated by the first staker

Auction winner can prevent payments via `safeTransferFrom` callback

Test addresses and incorrect interface in code prevent integration with UniswapV3 and Camelot

Due to extremely short `votingDelay` and `votingPeriod`, governance is practically impossible.

Decimal Limitation in CamelotRelayer and UniV3Relayer Contract Deployment