A malicious lender can obstruct legitimate lenders from canceling or fully fulfilling their offers if the offer is not perpetual.

Remove splitter will always revert if there are some rewards left on splitter contract

Upgrading `OperatorVCS` Contract Will Fail

Upgrade Initialization Logic Will Never Execute Due to Incorrect Initializer Usage in CommunityVCS

No way to update unbonding and claim periods

Due To The `minWithdrawalAmount` check Users Who Want To Withdraw Wont Be Able To Queue Their Token Withdrawals On Some Amounts

The `getAssetPrice` Staleness check will result in doS for a lot of oracles

To withdraw the donation or Front running assets from market will result in DoS for `reallocation`

The Attacker will Cancel the Raffle In PRIZE_LOCKED

TokenManager - Unlimited withdraw

Native token withdrawal fails until manually approved

[H-4] The function `PreMarkets::listOffer` charges an incorrect collateral amount, allowing users to manipulating collateral rates and drain the protocol's funds

The user will be able to close Bid Offer even in case if marketplace is not in BidSettling

`Tokens` Are Automatically Whitelisted Upon Creation And Binding Even When `_whiteListEnabled == false`

Incorrect function signatures in `_callBaseUri` break `baseURI` functionality

function erc721Metadata returns empty base uri instead of token uris

Market Disruption and Financial Loss Post-Liquidation

A malicious User can DOS all offchain orders making them unexecutable and leaving the protocol in an insolvent state. Also all offchain Trades can also be DOSed for honest parties that do not meet the fillorder requirements (no try and catch)

Liquidation of accounts collateral not posible because some chainlink price feed doesn't exist or are marked as medium risk by chainlink

Incompatibility with Multisig Wallets in `TempleGold::send` Function

minPurchaseAmount check wil be bypassed in case of `borrowToken==DAI`

`WithdrawRequestBase:_splitWithdrawRequest` assigns a request ID of `0` to `_to` when `w.vaultShares == vaultShares` and the vault shares cannot be redeemed.

The `new bytes(0)` will result in revert for claim function

PUSH0 is not supported by Linea

User will loss the Rewards for stacking if he redeem without claiming the reward

The USer will receive less amount than user expected

Loss Fee does not get added due to wrong calculation

`isHoldAmountAllowed` and `isSubAmountAllowed` wrong subtraction will result in DoS

Use of CREATE method is suspicious of reorg attack

Cancelling a Merkle Lockup is only callable by `initialAdmin` even after `admin` had been modified

Stream sender is unable to cancel a stream with a pausable asset that is paused

Incorrect withdraw queue balance in TVL calculation

Incorrect calculation of queued withdrawals can deflate TVL and increase ezETH mint rate

After Claiming NFT the lender will not be able to close Loan

Fee-on-Transfer Token will effect the complete accounting and result in DoS

All the funds are at risk due to reentrancy attack

Fee will also got dedecuted in case of local swap and direct transfer

Remove Liquidity has missing reserve1 DUST check, which can make reserve1 to be less than DUST

If there is only one USDS borrower, he can never be liquidated

Rewards can be drained because of lack of access control

Previous NFT owner can burn NFT from the new owner

`onERC721Received()` callback is never called when new tokens are minted in Erc721Facet.sol