`canExecTakeOrder` mismatches `makerOrder` and `takerItems` when duplicated items present

Protocol fee rate can be arbitrarily modified by the owner and the new rate will apply to all existing orders

Lack of Access Control for offer(uint, ERC20, uint, ERC20) and insert(uint, unint)

No cap on fees can result in a DOS in BathToken.withdraw()

Use `safeTransfer()`/`safeTransferFrom()` instead of `transfer()`/`transferFrom()`

Owner can modify the feeRate on existing vaults and steal the strike value on exercise

User's may accidentally overpay in `buyOption()` and the excess will be paid to the vault creator

safeTransferFrom is recommended instead of transfer (1)

amount requires to be updated to contract balance increase (1)

The owner can mint all of the NFTs.

Many unbounded and under-constrained variables in the system can lead to unfair price or DoS

Chainlink pricer is using a deprecated API

WhitelistPeriodManager: Improper state handling of exclusion removals

Improper Upper Bound Definition on the Fee

Owners have absolute control over protocol

denial fo service

USDC blacklisted accounts can DoS the withdrawal system

Wrong reward token calculation in MasterChef contract

Rewards get diluted because `totalAllocPoint` can only increase.

Unconstrained fee

Oracle data feed is insufficiently validated.