enlistInRollover updates ownerToRollOverQueueIndex incorrectly

DepositFee can be avoided completely

User will almost always incur a loss when they rollover

Malicious users can prevent the user at the end of the queue from rolling over

It's possible to permanently DOS the rollover system

triggerEndEpoch can be called on null epochs

attacker can drain the premium vault if depegging happens before the epoch starts

getLastestPrice can return stale price

Relayers for the rollover queue can be griefed

Player can prevent rebalancing from completing by allocating to blacklisted protocols.

XChainController does not reset vault's totalWithdrawalRequests

pushTotalUnderlyingToController can still be called even if the vault is inactive

Pullfunds can end before the necessary funds have been pulled

Players can call rebalanceBasket before rewards have been pushed to the game

Liquidate calculations are incorrect when position borrows more than 1 type of token

vault LPTokens can stay in ichiVaultSpell after closePosition() and be drained by another user

Underlying amount after withdrawLend is incorrect if hard/soft vault has withdraw fee

Data returned from latestRoundData() not sufficiently checked

Drips that end after the current cycle but before its creation can allow users to profit from squeezing

PaprController.buyAndReduceDebt: msg.sender can lose paper by paying the debt twice

`PaprController` pays swap fee in `buyAndReduceDebt`, not user

Protocol safeguards for time durations are skewed by a factor of 7. Protocol may potentially lock NFT for period of 7 years.

Raffle creator can rug participants

`LPDA` price can underflow the price due to bad settings and potentially brick the contract

`saleReceiver` and `feeReceiver` can steal refunds after sale has ended