Users won't liquidate positions because the logic used to calculate the liquidator's profit is incorrect

Holders array can be manipulated by transferring or burning with amount 0, stealing rewards or bricking certain functions

Malicious users can prevent holders from claiming their rewards during a reward cycle by skipping it.

`LiquidInfrastructureERC20.sol` disapproved holders keep part of the supply, diluting approved holders revenue.

Distribution can be bricked, and double claims by a few holders are possible when owner calls `LiquidInfrastructureERC20::setDistributableERC20s`

No slippage protection for Market functions

The price of rsEHT could be manipulated by the first staker

Protocol mints less rsETH on deposit than intended

Lack of slippage control on LRTDepositPool.depositAsset

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

Lenders can escape the blacklisting of their accounts because they can move their MarketTokens to different accounts and gain the WithdrawOnly Role on any account they want

Borrower has no way to update `maxTotalSupply` of `market` or close market.

The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP

The peg stability module can be compromised by forcing lowerDepeg to revert.

Users can get immediate profit when deposit and redeem in `PerpetualAtlanticVaultLP`

Lack of timelock on rigidRedemption, enables to steal yield from other users

Understatement of `poolTotalPeUSDCirculation` amounts due to incorrect accounting after function `_repay` is called

Exploiter can avoid negative Lido rebases stealing funds from EUSD vaults

Rerange/rebalance should not use protocolFee as asset for adding liquidity