Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

Adversary can win proposals with voting power as low as 4%

User can evade `liquidation` by depositing the minimum of tokens and gain time to not be liquidated

The use of spot price by CoreSaltyFeed can lead to price manipulation and undesired liquidations

THE USER WHO WITHDRAWS LIQUIDITY FROM A PARTICULAR POOL IS ABLE TO CLAIM MORE REWARDS THAN HE DULY DESERVES BY CAREFULLY SELECTING A `decreaseShareAmount` VALUE SUCH THAT THE `virtualRewardsToRemove` IS ROUNDED DOWN TO ZERO

MinShares Slippage Parameters Are Ineffective For Initial Deposit

Attacker Can Inflate LP Position Value To Create a Bad Debt Loan

formPOL lacks slippage and deadline protection

StakingRewards pools are not given their promised share of rewards due to incorrect calculation

Minimium Collateral Check Can Be Bypassed

The price of rsEHT could be manipulated by the first staker

Array Length of `tickTracking_ ` Can be Purposely Increased to Brick Minting and Burning of Most Users' Liquidity Positions

Positions that are not eligible for rewards will affect the reward income of eligible positions.

By delegating to a non-transcoder, a delegator can reduce the tally of somebody else's vote choice without first granting them any voting power

Malicious lender can use Callbacks to create Loan that cannot be repaid

Lender Loses Collateral from Paritailly Repaid Loans that are Defaulted if repayDirect == true

When borrower rolls their loan the lender can frontrun the transaction and change the interest and duration to drain all of borrower's approved tokens

RollLoan can be called on someone else's loan giving them worse conditions or defaulting them in 1 block

Reward accounting is incorrect in BathBuddy contract

An attacker can steal all tokens of users that use `FeeWrapper`

Zero reward rate calculation impedes low-decimals token distributions

Calling `ExpiringMarket.stop` and `ExpiringMarket.isClosed` functions cannot pause any functionlities of the market

Users Can Bypass the Delayed Withdrawal

First Depositor Can Break Minting of Shares

Users That Deposit Into Ichi Spell Can be Unfairly Liquidated by Attacker

Permanent freezing of funds: Roll can be called infinite times without extra payment, extending the loan duration to infinity.