Old router retains token allowance after update

Missing slippage protection in `AerodromeDexter.sol` `swapExactTokensForTokens()`

uses `ERC20.approve` instead of safe approvals, causing it to always revert on some ERC20s

Minting zero tokens when underlyingToken is not Ether in cashIn()

attacker can front-run `claim` function and steal user tokens

Sequential Fee Calculations Lead to Lost Platform Revenue Due to Precision Loss

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

TokenManager - Unlimited withdraw

CreateOffer allows eachTradeTax to be 100% ( 10000 bp ) violating code assumptions

Pause and unpause functions are inaccessible

`WellUpgradeable` can be upgraded by anyone

IERC20.transferFrom wil fail for USDT

`executeOperation` will revert if _flashToken is USDT

Any User can mint any amount of WStETH in the WStETHMock.sol and StETHMock.sol

Anyone can update the address of the Router in the DcntEth contract to any address they would like to set.

Pragma isn't specified correctly which can lead to nonfunction/damaged contract when deployed on Arbitrum

`++i`/`i++` should be `unchecked{++i}`/`unchecked{i++}` when it is not possible for them to overflow, as is the case when used in `for`- and `while`-loops

Events may be emitted out of order due to reentrancy

Staking rewards can be drained