Wrong handling of current auction variable will prevent auctions from ever succeeding, locking user bids and rewards

Flashloan attack allows attacker to sandwich `pool::startAuction` to earn an unfair amount of shares

Fees handling based on current amount of token in the pool will result in fluctuation of the actual claimed fees

Attacker betting low amount of coupon token for high amount of reserve token will force their bid to stay in the auction if they get blacklisted by couponToken

Auctions succeeding condition does not take into account the claimable fees in the pool. It can result of a drastical reduction of claimable fees if auction succeeds, or cause an auction to fail if the fees are claimed

Incorrect Total Assets Calculation in _harvestAndReport Leading to Share Value Manipulation and Irredeemable Assets

Old router retains token allowance after update

It is possible to avoid paying the `protocolFee`

No LSTs transfer on node operator withdrawals resulting in stuck funds and loss for node operators

[H-01] Auction tokens will be lost forever when auction ends without bids