Token distributor sends project tokens to `msg.sender` instead of to VC's `kycAddress`, allows direct stealing with front-running

No access control on `updateExtension()`, anyone can become a protocol-wide operator and change any positions at will

`WinnablesTicketManager.refundPlayers()` never updates `_lockedETH`, causing subsequent protocol revenues to be permanently locked

Raffles can be instantly cancelled by anyone as soon as they are created

No validation for `prizeManager`, anyone can lock prizes forever by calling `cancelRaffle()` or `propagateRaffleWinner()` with an arbitrary address

Admin can unrestrictedly affect the odds of a raffle by setting themselves up with role(1) in `WinnablesTicket`

`_setRole()` always grants the user the role, regardless of whether `status` is set to true or false

Admin can deny winnings by disabling the approved CCIP counterpart, causing results propagation to fail

Out-of-gas revert in `WinnablesTicket.ownerOf()` may prevent raffles from settling, locking prizes in the Manager

Raffles with exactly `minTicketsThreshold` tickets sold can still be cancelled

`rescueERC20()` does not rescue stream tokens, however it is easily possible to support such functionality.

Pool designed to be upgradeable but does not set owner, making it unupgradeable

Incompatibility with fee-on-transfer/inflationary/deflationary/rebasing tokens, on both base tokens and quote tokens, with varying impacts

Solmate's ERC20 does not check for token contract's existence, which opens up possibility for a honeypot attack

Pool designed to be upgradeable but does not set owner, making it unupgradeable

A "FrontRunning attack" can be made to the `initialize` function

Centralization risk: admin have privileges: admin can set address to mint any amount of frxETH, can set any address as validator, and change important state in frxETHMinter and withdraw fund from frcETHMinter

Permanent freeze of vested tokens due to overflow in _baseVestedAmount