[H-01] Auction tokens will be lost forever when auction ends without bids

Epoch mismatch in FjordPoints and FjordStaking leads to user being able to stake and unstake instantly for rewards

Wrong value decremented from `totalSupply` when revoking a vesting schedule will lead to last users not being able to withdraw their funds

"Revoked" vesting amount can still be used for voting even after vesting is revoked

Any user can grief rewards distribution `rewardRate` variable

A user can split up their junior deposit into smaller portions to extract maximum `maxBonusIncentive` value

Looping over unbounded `pendingStakes` array can lead to permanent DoS and frozen funds

`costInEuros` calculation will incur precision loss due to division before multiplication

Malicious/Compromised organiser can reclaw all funds, stealing work from supporters

Centralization Risk for trusted organizers

DAI Tokens at Risk Due to Lack of address(0) Check in distribute

During refinance() new Pool balance debt is subtracted twice

[H-04] Lender#buyLoan - Malicious user could take over a loan for free without having a pool because of wrong access control

Lender fails to giveLoan because of inconsistent length between `loadIds` and `poolIds`

Possible DOS by borrowers in `setPool()`