Due to the use of `msg.value` in for loop, anyone can drain all the funds from the `THORChain_Router` contract

Attacker can decrease other user token balance.

Lender may not be able to close loan or get back lending token.

Lender can not close loan with recipient.

Borrower can keep loan.

Attacker can cause revert or decrease rewards.

V3Utils.execute() does not have caller validation, leading to stolen NFT positions from users

Permit doesnt work with DAI

Event is not emitted

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

Minter / Staker / Spender roles can never be revoked`..,

Burner role can not be revoked

Anyone can update the address of the Router in the DcntEth contract to any address they would like to set.

Attack to make ````CurveSubject```` to be a ````HoneyPot````

Unauthorized Access to setCurves Function

It may be possible to DoS AuctionHouse by specifying malicious creators

LendingTerm::debtCeiling() can return wrong debt as the min() is evaluated incorrectly

Auction winner can prevent payments via `safeTransferFrom` callback

Incorrectly implemented modifiers in LybraConfigurator.sol allow any address to call functions that are supposed to be restricted

Bad implementation in minter access control for `RabbitHoleReceipt` and `RabbitHoleTickets` contracts