[WP-H3] `saleRecipient` can rug buyers

[WP-H8] `ConvexStakingWrapper.sol#_calcRewardIntegral` Wrong implementation can disrupt rewards calculation and distribution

Unconstrained fee

Failed transfer with low level call could be overlooked

Pair creation can be denied

updateYieldStrategy will freeze some funds with the old Strategy if yieldStrategy fails to withdraw all the funds because of liquidity issues

[WP-H5] `L1Migrator.sol#migrateETH()` dose not send `bridgeMinter`'s ETH to L2 causing ETH get frozen in the contract

Admin can rug L2 Escrow tokens leading to reputation risk

L1Migrator.migrateLPT` can be used to take away protocol's access to LPT tokens in BridgeMinter

deposit() function is open to reentrancy attacks

Withdrawers can get more value returned than expected with reentrant call

Vaults with non-UST underlying asset vulnerable to flash loan attack on curve pool

Vault can't receive deposits if underlying token charges fees on transfer

unsponsor, claimYield and withdraw might fail unexpectadly

Changing a strategy can be bricked

Manipulation of the Y State Results in Interest Rate Manipulation

Failed transfer with low level call could be overlooked

Anyone can liquidate credit line when autoLiquidation is false without supplying borrow tokens

Malicious tickets can lead to the loss of all tokens

Continue claiming reqrds after numberOfEpochs are over

cancelPromotion is too rigorous

Rewards can be claimed multiple times

getRewardsAmount doesn't check epochs haven't been claimed

recoverTokens doesn't work when isSale is true

Wrong calculation of excess depositToken allows stream creator to retrieve `depositTokenFlashloanFeeAmount`, which may cause fund loss to users

Storage variable unstreamed can be artificially inflated

Frontrunning in UniswapHandler calls to UniswapV2Router

Auction collateralToken won't work if token is fee-on-transfer token

Bonding.sol _unbondAndBreak does not account for edge case where no tokens are returned

AbstractRewardMine.sol#setRewardToken is dangerous

AuctionParticipant.sol: `purchaseArbitrageTokens` should not push duplicate auctions

AuctionParticipant.sol: `setReplenishingIndex` mistake could freeze unclaimed tokens

isUnderwater returns opposite boolean for short positions

_totalSupply not updated in _transferMint() and _transferBurn()

CDP.sol update overwrites user's credit on every positive increment

Liquidation will never work with non-zero discounts

Anyone can extend withdraw wait period by depositing zero collateral

Wrong calculation of `erc20Delta` and `ethDelta`