CompoundRewards Can Destabilize Vault Leverage to Trigger Subsidy Farming

Accumulated Interest Redirected as Subsidy Prevents Protocol Profitability

Denial-of-Service via Instant Withdrawals to Exhaust Periodic Redeem Cap

A reserve's `d_supply` is incorrectly updated and stored after flash loan execution

Potentially sensitive issue - disclosed privately

OverCalculation of marketFunds in buyVotes

Malicious users can pay less voucher fee

Lack of slippage protection in sellVotes function

DoS at process vouch fundion leads to loss of funds

Malicious user can DoS claim humanity at vouching state

hanleBadDebt doesn't clear badDebt completely

claimDeposit function can lead to loss of pending deposit amount

Attacker can DoS redeeming of PT and YT tokens

Anyone can prolong the time for the rewards to get distributed

PartyGovernanceNFT.sol#mint - User can delegate another user funds to themselves and brick them from changing the delegation

Borrower has no way to update `maxTotalSupply` of `market` or close market.

when a loan defaults, lender can lost the unclaimed amount

Lender can abuse borrower

The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP

Put settlement can be anticipated and lead to user losses and bonding DoS

Users can get immediate profit when deposit and redeem in `PerpetualAtlanticVaultLP`

Understatement of `poolTotalPeUSDCirculation` amounts due to incorrect accounting after function `_repay` is called

Everyone can burn free tokens in USSD contract

Inflation attack to rebalance

removed collateral can't be accessible

borrower escapes from depositing collateral

Lender makes unexpected commitment for borrower

When the challenge is successful, the user can send tokens to the position to avoid the position's cooldown period being extended

Challenges can be frontrun with de-leveraging to cause lossses for challengers

adding new internal reward token can lock some functionalities

freezing user rewards for a while

Malicious user can manipulate premeium price before buy protection

protection seller can withdraw funds before being locked in case of lending pool deafault

buy protection doesn't assesses LendingPools status before verifyProtection

Protocol fees can be withdrawn multiple times in `Erc20Quest`

`LPDA` price can underflow the price due to bad settings and potentially brick the contract

ETH will get stuck if all NFTs do not get sold.

Fallback oracle is using spot price in Uniswap liquidity pool, which is very vulnerable to flashloan price manipulation