Wrong accounting of ethBalanceInUnverifiedValidators when validating withdraw credentials

A malicious user can avoid unfavorable score updates after alpha/multiplier changes, resulting in accrual of outsized rewards for the attacker at the expense of other users

DoS and gas griefing of calls to Prime.updateScores()

Message channels can be blocked resulting in DoS

`VaultFactory` allows deployment of vaults with non-authentic `TwabController` and `PrizePool`

Lack of access control in mintRebalancer allows uncontrolled minting of USSD

StableOracleWBTC - price feed used is for ETH - USD

If collateral factor is high enough, flutter ends up being out of bounds

Incorrect protocol fee is taken when changing NFTs

Division before multiplication truncate minOut and incurs heavy precision loss and result in insufficient slippage protection

Residual ETH unreachable and unuitilized in SafEth.sol

Borrower can roll the loan an arbitrary number of times, changing the terms of the loan by too much

Lender can steal collateral from borrower

Coding logic of the contract upgrading renders upgrading contracts impractical

Admin does not have to wait to call `lastResortTimelockOwnerClaimNFT()`

`LPDA` price can underflow the price due to bad settings and potentially brick the contract

Sale contracts can be bricked if any other minter mints a token with an id that overlaps the sale

Lack of access control in withdrawFromGauge allows any user to steal collateral

Time delay for RoleControl in isoUSDToken contract has a wrong value

Reentrancy in withdrawToken could lead to funds drained

Malicious bull can match order multiple times

User can get much more voting power than he/she should

When a proposal is passed proposalsCreated is incremented instead of proposalsPassed

Veto function should decrease proposalsPassed (and possibly proposalsCreated)

Denial of service when `baseAmount` is equal to zero

Avoidable misconfiguration could lead to INVEscrow contract not minting xINV tokens

Oracle assumes token and feed decimals will be limited to 18 decimals

Converter is not approved to spend Redeemer's tokens for the case of Sense

setPrincipal fails to approve Notional contract to spend lender's underlying tokens

Users can loose their Illuminate tokens if amount to redeem is greater than holdings[u][m]

Transfering funds to yourself increases your balance

Permanent freeze of vested tokens due to overflow in _baseVestedAmount

Supply cap of VariableSupplyERC20Token is not properly enforced

Founders can receive less tokens that expected

Project funds can be drained by reusing signatures, in some cases

A VAULT OWNER CAN BE ALSO THE CONTROLLER AND ARBITRARILY SET THE SECONDARY MARKET ROYALTIES

Functions in the `BatchRequests` contract revert for removed contract addresses