No slippage protection for Market functions

Users will lose rewards when buying new tokens if they already own some tokens

Lack of slippage control on LRTDepositPool.depositAsset

Adversary can block `claimAuction()` due to push-strategy to transfer assets to multiple bidders

The peg stability module can be compromised by forcing lowerDepeg to revert.

Users can get immediate profit when deposit and redeem in `PerpetualAtlanticVaultLP`

The owner of RPDX Decaying Bonds is not updated on token transfers

Attacker can pass duplicated reward token addresses to steal the reward of contract `twTAP.sol`

Attacker can prevent rewards from being issued to gauges for a given epoch in TapiocaOptionBroker

Incorrect `eligibleAmount` for `AirdropBroker` Phase 3

`TapiocaOptionLiquidityProvision.registerSingularity()` not checking for duplicate assetIds leading to multiple issues.

possible reeentrancy if rewardToken is ERC777 or execute arbitrary code on senders/receivers using hooks

Incorrect emoji displaying

Multiple accounts can have the same identity

Protocol fees can be withdrawn multiple times in `Erc20Quest`

Possible scenario for Signature Replay Attack

RabbitHoleReceipt's address might be changed therefore only manual mint will be available

DOS risk if enough tokens are minted in Quest.claim can lead, at least, to transaction fee lost

User may loose rewards if the receipt is minted after quest end time