Attacker will steal funds from KYC'd users by frontrunning `claim`

No protection implemented against listing clone NFTs

Users can list assets with price < 1 ERC20 (ETH, WETH), leading to potential DoS vulnerability.

BuyerAgent Batch Purchase Failure Due to Asset Transfer or Approval Revocation

It is possible to avoid paying the `protocolFee`

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

Design flaw and mismanagement in vault licensing leads to double counting in collateral ratios and positions collateralized entirely with kerosine

Kerosene collateral is not being moved on liquidation, exposing liquidators to loss

Unable to withdraw Kerosene from `vaultmanagerv2::withdraw` as it expects a `vault.oracle()` method which is missing in Kerosene vaults

`VaultManagerV2.sol::burnDyad` function is missing an `isDNftOwner` modifier, allowing a user to burn another user's minted DYAD

Attacker can frontrun to prevent vaults from being removed from the dNFT owner's position

Liquidating positions with bounded Kerosen could be unprofitable for liquidators

[H-01] Highest bidder can cancel their bid and withdraw their collateral.

Updated `getCashPrior()` function returns incorrect amount of funds owned by the protocol.

Delegators can cause loss of rewards to validators.

Attacker can force reduce `minAmountOut` from vault swaps, making they vulnerable to being sandwiched.

Liquidation Is Prevented Due To Strict Implementation of Liqudation Bonus

Anyone can burn **DecentralizedStableCoin** tokens with `burnFrom` function