All tokens can be drained from Diamond through fake Uniswap pools

Incorrect use of `TAKER_VAULT_ID` in `AdminFacet::transferVaultBalance`

Low ticks may underflow in `tickToTreeIndex` resulting in incorrect tree indexes

Typo in `ViewWalker::down` results in incorrect calculation of fees.

Max assets per owner can be abused to block creating new maker assets

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

Design flaw and mismanagement in vault licensing leads to double counting in collateral ratios and positions collateralized entirely with kerosine

Users can get their Kerosene stuck until TVL becomes greater than Dyad's supply

Flash loan protection mechanism can be bypassed via self-liquidations

Attacker can frontrun to prevent vaults from being removed from the dNFT owner's position

Incorrect deployment / missing contract will break functionality

Holders array can be manipulated by transferring or burning with amount 0, stealing rewards or bricking certain functions

Distribution can be bricked, and double claims by a few holders are possible when owner calls `LiquidInfrastructureERC20::setDistributableERC20s`