Lender can prevent borrower from repaying the loan

Anyone can roll the loan on behalf of the borrower increasing the debt

Incorrect parameters passed to UniV3 may cause funds stuck in the vault

Proposal requiring native coin transfers cannot be executed

Liquidator can use outdated prices during liquidation

Fee increase can be sandwiched by users to extract value

PartyB liquidation can stuck forever freezing user funds

Liquidation can incorrectly set partyA balance as 0

If fee is withdrawn from fee collector it is impossible to cancel pending quote

It is not possible to execute actions that require ETH (or other protocol token)

When user updates their rollover position, ownerToRollOverQueueIndex is incorrectly assigned

Adversary can block rollover by adding a smart contract that rejects new shares when minted

Depeg cannot be triggered if asset restores its peg after a short depeg

Missing null epoch check in `triggerEndEpoch`

Emissions on null epoch can't be recovered

Buyer can get protection cheaply using renewal grace period and low minimal renewal duration

Protection amount can be increased when renewing which opens possible manipulation vectors

Protection can be bought unlimited number of times for the same loan

Attacker can DoS the contract by making many small protection purchases

Seller can request multiple withdrawals using same sTokens by using multiple addresses

Seller can use same sTokens to request withdrawals for two different cycles

Sellers can deposit protection right after borrower payment and before accrual gaining an advantage

Protection buyer can front-run default in the first 90 days

Attacker can fund a bounty with an invalid token and freeze all claims

Refunding NFT deposits leads to broken bounty

Refunding deposit from a tiered percentage bounty can break claiming

Attacker can block NFT deposits for the bounty by filling up the limit

Locked funds calculation is invalid if part of the reward pool was claimed

Inconsistent calcuation of token address limit

Multiple accounts can have the same identity

Possible scenario for Signature Replay Attack

RabbitHoleReceipt's address might be changed therefore only manual mint will be available

Users may not claim Erc1155 rewards when the Quest has ended

DOS risk if enough tokens are minted in Quest.claim can lead, at least, to transaction fee lost

Loan can never be fully repaid

Borrower can roll a loan over several times in a row which may not be desirable for the lender

Use safeTransfer/safeTransferFrom instead of transfer/transferFrom

Risk using Blacklistable tokens

Lender can't disable rolling when creating a loan making the transaction back-runnable

Blacklisted USDC address can break contract functionality

Incorrect borrow margin calculation when increasing loan amount of Synth assets

Possible drift from expected virtual price over time