User could withdraw more than supposed to, forcing last user withdraw to fail

Users are incentivized to not withdraw immediately after the market is closed.

Role providers can bypass intended restrictions and lower expiry set by other providers

`FixedTermLoanHook` looks at `block.timestamp` instead of `expiry`

Inconsistency across multiple repaying functions causing lender to pay extra fees.

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

DoS in `MergingPool::claimRewards` function and potential DoS in `RankedBattle::claimNRN` function if called after a significant amount of rounds passed.

A malicious user can avoid unfavorable score updates after alpha/multiplier changes, resulting in accrual of outsized rewards for the attacker at the expense of other users

If `claimDefaulted` is called before `claimRepaid` all of `loan.unclaimed` will be lost

If `loan.callback == true`, lender can force all repayments to revert and force loan into default

Anyone can accept new terms by calling `rollLoan` due to lack of access control.

Lender can front-run `rollLoan` and call `provideNewTermsForRoll` with unfavorable terms

`ReLPContract` wrongfully assumes protocol owns all of the liquidity in the UniswapV2 pool

Improper precision of strike price calculation can result in broken protocol

The peg stability module can be compromised by forcing lowerDepeg to revert.

reLP() mintokenAAmount the calculations are wrong.

When adding a gauge, its initial value has to be set by an admin or all voting power towards it will be lost

Voters from VotingEscrow can vote infinite times in vote_for_gauge_weights() of GaugeController

If governance removes a gauge, user's voting power for that gauge will be lost.

Users can front-run calls to `change_gauge_weight` to gain extra voting power

Chainlink Oracle will return the wrong price for asset if underlying aggregator hits minAnswer

Oracle doesn't check if L2 Arbitrum sequencer is down

Calling `StandardFunding.screeningVote` function and `ExtraordinaryFunding.voteExtraordinary` function when `block.number` equals respective start block and when `block.number` is bigger than respective start block can result in different available votes

Use of unsafe `_mint` method

USDT will get permanently stuck in `FootiumPrizeDistributor.sol` and `FootiumEscrow.sol`

Usage of deprecated `transfer` method might lead to lose of funds

ChainlinkAdapterOracle's getPrice() doesn't check if Arbitrum L2 sequencer is down

Possible stale values from Chainlink oracle

Uniswap getting the price from all available pools for certain token pair possesses a risk

Lender can steal all of liquidator's tokens

Project breaks when a fee-on-transfer ERC20 is used as collateral

Lenders can steal all of the borrowers tokens.

Challengers and bidders can collude together to restrict the minting of position owner

function `restructureCapTable()` in Equity.sol not functioning as expected

If auction price goes to 0, NFT might become unclaimable/ stuck forever