Missing sellable check in completePurchase will cause a user to buy a token marked as unsellable by S2ADMIN if it was listed beforehand

An attacker can DoS vault's buyout with as little as 1 wei per 4 days

ORACLE DATA FEED CAN BE OUTDATED YET USED ANYWAYS WHICH WILL IMPACT ON PAYMENT LOGIC

Reentrancy issues on function `distributePayoutsOf`

Put options are free of any fees

Use of Solidity version 0.8.13 which has two known issues applicable to PuttyV2

`_storeRebase()` is called with the wrong parameters

BathToken LPs Unable To Receive Bonus Token Due To Lack Of Wallet Setter Method

No cap on fees can result in a DOS in BathToken.withdraw()

Early funds withdrawers can get bonus in multiples of vested bonus tokens (e.g. 2-times, 3-times, etc.)

Inefficiency in the Dutch Auction due to lower duration

Owner can modify the feeRate on existing vaults and steal the strike value on exercise

Owner can set the feeRate to be greater than 100% and cause all future calls to `exercise` to revert

Vault is Not Compatible with Fee Tokens and Vaults with Such Tokens Could Be Exploited

Malicious token reward could disable withdrawals

Missing check in the updateValset function

CNft.sol - revert inside safeTransferFrom will break composability & standard behaviour

_revokeRole doesn't remove account from roleMember set

Seven ways in which the Owner and Proxy Admin can make users lose funds ("rug vectors")

CoreCollection can be reinitialized

Centralisation RIsk: Owner Of `RoyaltyVault` Can Take All Funds

Not handling return value of transferFrom command can create inconsistency

Function cooldown() is not protected when protocol in emergency mode

UserLock information can be found during emergency mode

Improper Upper Bound Definition on the Fee

Updating the hub’s token contract address may lead to incorrect undelegation amount

Loss of pending messages (if any) in case removeConnectedChain is called

Liquidations can be run on the bogus Oracle prices

Seven ways in which the Owner and Proxy Admin can make users lose funds ("rug vectors")

During stake or deposit, users would not be rewared the correct Concur token, when MasterChef has under-supply of it.

possibility of minting rJOE tokens before ownership is changed to RocketJoeStaking

cancelPromotion is too rigorous

Storage variable unstreamed can be artificially inflated

OZ ERC1155Supply vulnerability

_totalSupply not updated in _transferMint() and _transferBurn()