payWithERC20 should be internal

Any actor can dilute the reward rate by calling notifyRewardAmount() with 1 wei

The user can send tokens to any address by using two bridge transfers, even when transfers are restricted.

Evil genius can steal contract assets due to order with same id being overridden

Bracket.sol execute() approval to target will make the call revert because of USDT mechanics and old oz library used

LamboFactory can be permanently DoS-ed due to createPair call reversal

updateHighWaterMark can never be set to 0

Usage of floating pragma

incorrect price for negative ticks due to lack of rounding down

USAGE OF ABI ENCODEPACKED FUNCTION

`executeWithdraw` may be blocked if any of the users are blacklisted from the `baseToken`

The modifier `onlyExistingRoute` works incorrectly

`Keepers` does not implement EIP712 correctly on multiple occasions

Incorrect modifier condition

`depositQueue.queue` in `AccountingManager` can be flooded causing a DoS

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

Inability to perform partial liquidations allows huge positions to accrue bad debt in the system

Design flaw and mismanagement in vault licensing leads to double counting in collateral ratios and positions collateralized entirely with kerosine

Kerosene collateral is not being moved on liquidation, exposing liquidators to loss

Users can get their Kerosene stuck until TVL becomes greater than Dyad's supply

No incentive to liquidate small positions could result in protocol going underwater

Liquidating positions with bounded Kerosen could be unprofitable for liquidators

`_getReferencePoolPriceX96()` will show incorrect price for negative tick deltas in current implementation cause it doesn't round up for them

V3Oracle susceptible to price manipulation

Repayments and liquidations can be forced to revert by an attacker that repays miniscule amount of shares

Liquidation reward sent to msg.sender instead of recipient

Lack of Slippage Protection in `withdraw`/`redeem` Functions of the Vault

PrincipalToken is not ERC-5095 compliant

Since you can reroll with a different fighterType than the NFT you own, you can reroll bypassing maxRerollsAllowed and reroll attributes based on a different fighterType

Fighters cannot be minted after the initial generation due to uninitialized `numElements` mapping

NFTs can be transferred even if StakeAtRisk remains, so the user's win cannot be recorded on the chain due to underflow, and can recover past losses that can't be recovered(steal protocol's token)

Can mint NFT with the desired attributes by reverting transaction

DoS in `MergingPool::claimRewards` function and potential DoS in `RankedBattle::claimNRN` function if called after a significant amount of rounds passed.

Fighter created by mintFromMergingPool can have arbitrary weight and element

When `DecentBridgeExecutor.execute` fails, funds will be sent to a random address

Anyone can update the address of the Router in the DcntEth contract to any address they would like to set.

Minimium Collateral Check Can Be Bypassed

Wrong ProfitManager in GuildToken, will always revert for other types of gauges leading to bad debt

No slippage protection for Market functions

`ODSafeManager#allowSAFE()` cannot be executed either by the proxy contract or any other address.

_computeAvailable() the calculations are wrong

Rounding error in `WUSDA` can result in loss of user funds, especially when manipulated by an attacker