Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

Attacker can reenter to mint all the collection supply

getPrice `salesOption` 2 can round down to the lower barrier, skipping the last time period

Auction payout goes to AuctionDemo contract owner, not the token owner

``FULL_RESTRICTED`` Stakers can bypass restriction through approvals

The Restriction Manager does not completely implement ERC1404 which leads to account that are supposed to be restricted actually have access to do with their tokens as they see fit

The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP

The peg stability module can be compromised by forcing lowerDepeg to revert.

Inaccurate swap amount calculation in ReLP leads to stuck tokens and lost liquidity

Change of `fundingDuration` causes "time travel" of `PerpetualAtlanticVault.nextFundingPaymentTimestamp()`

Tokens with less than 18 decimals allow for draining of funds

Sandwich attack to steal all ERC-20 tokens in the Fees contract

Precision loss allows users to giveLoans to pools with less collateral then required

The `borrow` and `refinance` functions can be front-run by the pool lender to set high interest rates

Chainlink oracle will return the wrong price if the aggregator hits `minAnswer`

Vault does not conform to ERC4626