`unassignedEarnings` of each maturity doesn't change after liquidation, resulting in the attacker being able to cheat and steal the yield from maturities

Miscalculation of already released rewards in the `RewardsController.config()` function

Modifying Reward Distribution Start Time Could Incur An Incorrect Reward Distribution

`clearBadDebt` function does not accrue earnings from each maturity.

A maturity with remaining earnings that have not yet been accrued may not be included in the `totalAsset()` function

An attacker can borrow 0 in many markets, allowing any user to increase the number of the user's markets in Auditor, which may lead to a DOS attack

As time passes, the decrease in the value of `previewRepay(fixedDebt)` due to the floating interest results in borrowers being unable to claim their full rewards

Attackers can force borrower unable to repay the loan in case debt token is USDC

Use `safeTransfer` instead of `transfer`

Collateral can be locked forever because borrower can `roll` the loan many times

Because the default value of `rollable` is true, function `toggleRoll` can not block the rollover

Borrower can't roll a loan over when call `repay()` before

Users can not withdraw all of their tokens if they deposited many times before (array `userDepositsIndex[msg.sender]` too long)

Malicious users can stake nft with high `unlockTime` to get a high voting power and prevent users from create a proposal

Users's nft can be locked because of the wrong implementation of function `Staking.delegate()`

Should decrease the community power of proposer when his/her proposal is vetoed/canceled

Wrong update of community power when a proposal is queued

Users who didn't own any nfts still can increase their community power

User can't withdraw from auction when number of sold contracts bigger than totalContracts

Wrong implementation of orderbook can make user can't get their fund back

Oracle data can be outdated