Updating the RC Params of the reward accumulator does not update the `lastRewardCuts` leading to wrong application of the `rewardCutPercentage`

The first person to lock `TAN` doesn't result in an update of ` rewardData[token].lastUpdateTime`

`OraclePendlePT.latestAnswer` will not always return 18 decimals as assumed

`LeverageManager._acquireBorrowTokenForRepayment` will revert due to `_props.sender` not being when removing leverage

The amount of shares needed for redemption of borrow tokens is underquoted during the removal of leverage process leading to reverting.

`_closeFeeAmt` is bypassed when removing leverage if borrow tokens need to be acquired

`Timelock::setDelay` and `Timelock::setPendingAdmin` are highly sensitive but haven't been included in the high risk quorum requirements

The price of rsEHT could be manipulated by the first staker

Lack of slippage control on LRTDepositPool.depositAsset

A malicious user can prevent the liquidator role receiving rewards

`LMPVaultRouterBase::mint` and `LMPVaultRouterBase::deposit` transfer extra assets from the user when ETH is provided

`LMPDebt::flashrebalance` passes the wrong amount to `_handleRebalanceIn`

BigBang and Singularity should not pause repay() and liquidate()

`IStaticOracle` references the wrong addresses

Protocol does not support fee on transfer tokens

Market owners can either profit from borrowers or grief them by frontrunning bid submissions

Protocol owner can steal funds by setting a high protocol fee just before a bid is accepted

`changeFeeQuote` will fail for low decimal ERC20 tokens

An attacker can manipulate the preDepositvePrice to steal from other users.

DoS due to external call failure

`ownerToRollOverQueueIndex` is incorrectly updated if user already in queue

Malicious depositos and relayers can cause denial of service in `mintDepositInQueue`

`mintRollovers` can fail if too many roll overs don't have adequate shares

Protocol does not handle tokens that don't use 18 decimals

A malicious early depositor can manipulate share price and profit from future depositors

Auction can be started without previous one being settled

Withdrawal cycle restriction can be bypassed

`_claimOngoingBounty` only claims the `payoutToken` but allows NFT deposits

Array mismatch can happen when setting a new payout schedule

No check on `transfer()` and `transferFrom()` return values

Rounding issues will affect the repayment of loans

`PerpDepository::rebalance` does not check if caller is authorized to use another user's account for shortfall transactions.

`PerpDepository::rebalanceLite` does not check if caller is authorized to use another user's account for rebalancing