Incorrect leverage collateral value's calculation

Malicious users can cancel all raffles when the raffle status is changed to `PRIZE_LOCKED`

Malicious users can manipulate prizeManager/chainSelector in cancelRaffle()

The admin can manipulate the raffle winner after randomword is generated.

Admin role can manipulate the winner role via adding another CCIP counter part

reallocate() may be dos because of improper approve in USDT

Funds in MlumStaking may be used to vote twice

Non-functional vote() if there is one bribe rewarder for this pool

normal bribe rewarders may be blocked by malicious bribe rewarders

voters may lose some bribe rewarder if bribe rewarder's reward token is token with fee-on-transfer

Users' position in MlumStaking can be extended by malicious users

Some claimable gauge rewards will be locked if the gauge is killed

poke() may be dos

Users may not create lock in VotingEscrow.sol because of dos

Lack of slippage control for exerciseVe()/exerciseLp()

swap may be reverted if the input amount is not large enough, especially for low decimal tokens

first LP provider may cause pool dos

Lack of access control for function batchUpdateAccountToken

cancelMintStakeToken might be reverted in some cases

redeem stake token may be Dos because there is not enough balance in stake pool.

LP holders may lose their stake fee rewards

Lack of timely update borrowing fee when update position's margin

Uninitialized cache.redeemFee cause 0 redeem fee

Incorrect changeAmount calculation in updatePositionFromBalanceMargin

Incorrect `reduceAmount` usage in updateAllPositionFromBalanceMargin

Users can use weth to replace any margin token in createUpdatePositionMarginRequest()

Traders may decrease the loss via decrease the position's margin

Lack of decreasing totalCollateral when withdraw

Incorrect settleFee process for cross-margin account

Lack of execution fee mechanism in AccountFacet

Lack of oracle setting in autoReducePositions

Incorrect protocol fee split in _splitProtocolFee()

Users can pay less minting fees than expected via mintBatch()

Possible signature attack in TitlesGraph::acknowledgeEdge()/unacknowledgeEdge()

_feeReceivers should be updated when transferWork

Non-functional ether refund in Edition::mint()

Function mintBatch() will be reverted if `tokenIds_`'s length is larger than 1

User's requestDeposit funds may be lost via claimAndRequestDeposit()

Vault inflation attack in StEtherAdapter::prefundedDeposit()

Malicious DVP can cause dos attack in FeeManager

Trader's position may be locked in DVP

Trader can pay less trader fee by limit order

Leverage position can be unlocked in one limit order.

repeat deposit/withdraw to earn lot of FMP

improper priceDiff usage when offchain price is invalid

Need timely update stableCollateralTotal before checkSkewMax()