Attacker can DoS the `SuperPoolFactory`

De-Whitelisted tokens remain usable as collateral due to incomplete asset revocation

WhenNotPaused modifier in the CDPVault can be bypassed by users

Malicious actor can abuse the minimum shares check in `StakingLPEth` and cause DoS or locked funds for the last user that withdraws

`PendleLPOracle::_fetchAndValidate` uses Chainlink's deprecated `answeredInRound`

The voting mechanism for the periods that have a bribe will be DoSed

Attacker can manipulate the `lockDuration` of other users positions

Attackers can drain the rewards

Stakers Funds Will Be Permanently Locked Within the Contract if a Validator is Tombstoned

Freezed Chain will never be unfreeze since `StateTransitionManager::unfreezeChain` is calling `freezeDiamond` instead of `unfreezeDiamond`.

Malicious users are able to bypass the Tax payment using making a Fake BasicActions Contract

Updating `SafeManager` address in the `Vault721` will disable NFV minting

`ODSafeManager#allowSAFE()` cannot be executed either by the proxy contract or any other address.

The peg stability module can be compromised by forcing lowerDepeg to revert.