Liquidation doesn't account for penalty when calculating collateral to give, allowing users to profit by borrowing and self-liquidating

`AuraVault::claim` reward calculation does not deduct fees from reward amount, causing DoS or extra rewards lost

`Flashlender.sol#flashLoan()` should use `mintProfit()` to mint fees. The current implemetation may lead to locked up WETH in PoolV3.

In CDPVault::liquidatePositionBadDebt(), the calculation of `loss` is incorrect.

Lack of Slippage Control in `AuraVault::deposit` and `AuraVault::mint` Functions Can Lead to Unexpected Financial Losses for Users

`PendleLPOracle::_fetchAndValidate` uses Chainlink's deprecated `answeredInRound`

Most users won't be able to claim their share of Uniswap fees

`claim` function lacks slippage controls for `amount0` and `amount1` returned by `pool.burn` function call

Liquidity manipulation is possible when trading

Possible DoS When calling `GammaTradeMarket::_removePosition` will cause user position to not be able to get liquidated

Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens

Invalid validation allows users to unlock early

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal

Incorrect withdraw queue balance in TVL calculation

Withdrawals logic allows MEV exploits of TVL changes and zero-slippage zero-fee swaps

DOS of `completeQueuedWithdrawal` when ERC20 buffer is filled

Lack of slippage and deadline during withdraw and deposit

V3Oracle susceptible to price manipulation

V3Vault is not ERC-4626 compliant

Any fee claim lesser than the total `yieldFeeBalance` as unit of shares is lost and locked in the `PrizeVault` contract

LayerZeroEndpoint.send() in L1Sender.sol may revert if the user does not provide enough native gas as specified