all allowances can be steal

createAgentWithWhitelistUsers can bypass using createAgentWithNFT

function endAuction() always revert in state = State.SUCCEEDED

user can break the flow core of the auction if their address added in blacklisted token

TokenManager - Unlimited withdraw

Broken `convertToUsdValue` calculation on tokens that have more than 18 decimal places

Lender contract can be drained by re-entrancy in `setPool`

Sandwich attack to steal all ERC-20 tokens in the Fees contract

[H-04] Lender#buyLoan - Malicious user could take over a loan for free without having a pool because of wrong access control

Attacker can steal a loan's collateral and break the protocol

Token spending by Uniswap router doesn't get approved

Lender contract can be drained by re-entrancy in `seizeLoan`

Liquidation Is Prevented Due To Strict Implementation of Liqudation Bonus

Chainlink oracle will return the wrong price if the aggregator hits `minAnswer`

All of the USD pair price feeds doesn't have 8 decimals

High - Funds can be lost if any participant is blacklisted

A malicious user can steal all allowances

contracts not work with token does not comply with the ERC-20 standard

Lacks check to ensure the arbitrum sequencer is down

UniV3SwapInput do not have any slippage protection

Transfers can fail

Malicious users could steal funds from other users due to a lack of input data validation

Users could avoid be liquidated

malicious user can break mintDepositInQueue making users loss fund

users can make other user not mint their position in mintRollovers

Too many depositQueue can cause the mintDepositInQueue reach the block gas limit

Malicious seller can withdraw at same cycle what deposit

Deposit can fail after lockCapital in ProtectionPool.sol

function rebalance in PerpDepository.sol It doesn't work