Centralisation risk in `setProtocolFee()`

Funds can be frozen due to refunding functionality DOS

Malicious token can be used to fund bounty and prevent claiming of funds.

Ability to fund bounty can suffer DOS

transfer() depends on gas consts

Use of `payable.transfer()` may lock user funds

ORACLE DATA FEED CAN BE OUTDATED YET USED ANYWAYS WHICH WILL IMPACT ON PAYMENT LOGIC

Grieffer beneficiary can cause DOS

Use a safe transfer helper library for ERC20 transfers

Code credits fee-on-transfer tokens for amount stated, not amount transferred

Burn access control can be bypassed

token transfers in LiquidityReserve and Staking contract don't support deflationary ERC20 tokens, and user funds can be lost if stacking token was deflationary

Anyone can create Proposal Unigov Proposal-Store.sol

It's not possible to execute governance proposals through the GovernorBravoDelegate contract

Comptroller uses the wrong address for the WETH contract

Overprivileged admin can grant unlimited WETH

Unable to check `state()` if `proposalId == 0`

Only the `state()` of the latest proposal can be checked

The check for value transfer success is made after the return statement in _withdrawFromYieldPool of LidoVault

Use safeTransferFrom instead of transferFrom for ERC721 transfers

Owner can modify the feeRate on existing vaults and steal the strike value on exercise

Vault is Not Compatible with Fee Tokens and Vaults with Such Tokens Could Be Exploited

User's may accidentally overpay in `buyOption()` and the excess will be paid to the vault creator

Many unbounded and under-constrained variables in the system can lead to unfair price or DoS

Chainlink pricer is using a deprecated API

`sendCollateralTo` is unchecked in `closeLoan()`, which can cause user's collateral NFT to be frozen

When an attacker lends to a loan, the attacker can trigger DoS that any lenders can not buyout it

Reliance on lifiData.receivingAssetId can cause loss of funds

Swap functions are Reenterable

Reputation Risks with `contractOwner`

Anyone can get swaps for free given certain conditions in `swap`.