Bad price assumption that stETH equals WETH

Permit functions in Routers cannot be called

_update will overflow and break all contract functionality

TVL can be manipulated when withdrawals are triggered outside of Rio

queueCurrentEpochSettlement() does not advance current epoch leading to broken withdrawal accounting

Deposits may be front-run by malicious operator to steal ETH

Attacker can deposit just before rewards are distributed and steal rewards

Malicious user can stake an amount which causes zero curStakeAtRisk on a loss but equal rewardPoints to a fair user on a win

NFTs can be transferred even if StakeAtRisk remains, so the user's win cannot be recorded on the chain due to underflow, and can recover past losses that can't be recovered(steal protocol's token)

Fighter created by mintFromMergingPool can have arbitrary weight and element

Caller of Upkeep may skip step 11 to save gas

Lack of input validation for executeWithdraw leads to total loss of funds

Donation attack can steal other user's funds in FundingRateArbitrage

First Founder unable to mint token due to tokenId incorrectly set to reservedUntilTokenId

Malicious DOS by pausing contract

Staking, unstaking and rebalanceToWeight can be sandwiched (Mainly rETH deposit )

`WstEth` derivative assumes a ~1=1 peg of stETH to ETH

No slippage protection on `stake()` in SafEth.sol