Lender can Sandwich a borrower to seize his collateral

The `borrow` and `refinance` functions can be front-run by the pool lender to set high interest rates

Operator can prevent customers from borrowing from a given pool

[H-01] Lack of emergency withdraw function when no arbiter is set

High - Funds can be lost if any participant is blacklisted

Reentrancy in `USDO.flashLoan()`, enabling an attacker to borrow unlimited USDO exceeding the max borrow limit

Ability to steal user funds and increase collateral share infinitely in BigBang and Singularity

BigBang and Singularity should not pause repay() and liquidate()

Cannot use CurveSwapper when calling compound due to mismatched data parameter

`MagnetarV2#burst` double counts `msg.value` for `TOFT_WRAP` operation, making the transaction revert unless the user overpays

all deposit and withdraw function in Convex and Curve nativeLP Strategy, apply slippage on internal pricing; which call real-time on chain price from Curve directly and subject to MEV

Anyone can reset fees to 0 value when Vault is deployed

`quitPeriod` is effectively always just `1 day`

Improper Approval Mechanism of Clearing House

Arbitrary transactions possible due to insufficient signature validation

A whale user is able to cause freeze of funds of other users by bypassing withdraw limit

Value can be stuck in Adapters

Call to declareInsolvent() would revert when contract status reaches liquidation point after repayment of credit position 1

Variable balance ERC20 support

Borrower/Lender excessive ETH not refunded and permanently locked in protocol

Lender can reject closing a position

An Operator can mint tokens for free

Centralization risk: admin have privileges: admin can set address to mint any amount of frxETH, can set any address as validator, and change important state in frxETHMinter and withdraw fund from frcETHMinter

Withheld ETH shoud not be sent back to the frxETHMinter contract itself

Vesting Schedule Start and End Time can be Set in The Past

Proposals can be bricked and Auctions stalled by bad settings

Loss of Veto Power can Lead to 51% Attack

Compromised or malicious vetoer can veto any proposals with unrestricted power

Attacker contract can avoid being blocked by BlockList.sol

Automation / management can be set for not yet existing vault

Malicious targets can manipulate MIMOProxy permissions

Vault rebalancing can be exploited if two vaults rebalance into the same vault

Malicious Users Can Exploit Residual Allowance To Steal Assets

Delegate call in `Vault#_execute` can alter Vault's ownership