Attacker will be able to reuse signature and force someone to over-pay for updating config

Donating small amount of reward tokens will infliate reward for other users

Vesting plan might not be modifyed with at desired amount under certain coditions

User is able to receive bigger amount shares for previous periods by transefering Bonds between another users

Incosistency between Eth amount before and after auction leads to unfair leverage, reserves decrese

Fee incosistency

Auction will be dosed forever in case remainder of division TotalBuyCouponAmount/maxBids != 0

Inconsistency beetwen MAX_BID_AMOUNT and poolSaleLimit could lead to DOS of auction

User is able to claim usdc for new period even if auction not ended yet in case there is enough unclaimed shares

Seller might acces initial market liquidity leading to loss of funds for users and temporary DOS

Mapping orders not being updated while order canceling and perfromUpKeep() leads to drain of funds from protocol

anyone can call updateDownsideProtected() to increment state variable and cause dos of main function in protocol

User is able to took funds from previous vouchers pool even if he the only, who vouched

underflow leads to be impossible to execute extendLoan function