Sandwich attack to steal all ERC-20 tokens in the Fees contract

Borrower can bypass maxLoanRatio's configuration of a pool via buyLoan()

[H-04] Lender#buyLoan - Malicious user could take over a loan for free without having a pool because of wrong access control

Using forged/fake lending pools to steal any loan opening for auction

Attacker can steal a loan's collateral and break the protocol

No expiration deadline leads to losing a lot of funds

Single-step process for critical ownership transfer is risky

Multiple accesses of a mapping/array should use a local variable cache.

Initialize variables outside the loop

Theft of collateral tokens with fewer than 18 decimals

All of the USD pair price feeds doesn't have 8 decimals

Precision loss when calculating the health factor

Double checks

Use `==` instead for `<=` for `uints` when comparing for `zero` values

`++i`/`i++` should be `unchecked{++i}`/`unchecked{i++}` when it is not possible for them to overflow, as is the case when used in `for`- and `while`-loops

[H-01] Lack of emergency withdraw function when no arbiter is set

Use nested `if` statements instead of logical AND (`&&`)

Use predefined address instead of `address(this)`

EUSD.mint function wrong assumption of cases when calculated sharesAmount = 0

Incorrect function call in LybraRETHVault's getAssetPrice