Missing slippage protection in provide liquidity means no way to protect against price fluctuation.

Attacker can exploit thin liquidity in xyk pool to save on fees.

Protocol loses out on fees when swapping via unbalanced deposits

Attacker can exercise option tokens to repeatedly relock victim's lp tokens.

User loses unclaimed rewards when merging tokens.

Voting power does not decay when calculating shares of flow emissions if the user does not vote again.