funder can frontrun the claim asking for a refund. The claimant will be able to finish the claim operation without getting any reward back

`setPayoutSchedule` and `setPayoutScheduleFixed` will revert if `_payoutSchedule` has a length lower compared to `tierWinners`

Buyer on secondary NFT market can lose fund if they buy a NFT that is already used to claim the reward

Users may not claim Erc1155 rewards when the Quest has ended

Arbitrary transactions possible due to insufficient signature validation

`fillOrder()` and `exercise()` may lock Ether sent to the contract, forever

Functions in the `BatchRequests` contract revert for removed contract addresses

Unsecure `transferFrom`

ERC5095 redeem/withdraw does not update allowances

No cap on fees can result in a DOS in BathToken.withdraw()

Admin rug vectors

The check for value transfer success is made after the return statement in _withdrawFromYieldPool of LidoVault

Possible lost msg.value

`processYield()` and `distributeYield()` may run out of gas and revert due to long list of extra rewards/yields