Owner of a position can prevent liquidation due to the 'onERC721Received' callback

Repayments and liquidations can be forced to revert by an attacker that repays miniscule amount of shares

PrincipalToken is not ERC-5095 compliant

All claimed rewards will be lost for the users using the account abstraction wallet

When `DecentBridgeExecutor.execute` fails, funds will be sent to a random address

Anyone can update the address of the Router in the DcntEth contract to any address they would like to set.

DecentEthRouter.sol#_bridgeWithPayload() - Any refunded ETH (native token) will be refunded to the DecentBridgeAdapter, making them stuck

Users can use the protocol freely without paying any fees by calling the `DecentEthRouter::bridgeWithPayload()` function directly.

Attack to make ````CurveSubject```` to be a ````HoneyPot````

Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`

Unauthorized Access to setCurves Function

A subject creator within a single block can claim holder fees without holding due to unprotected reentrancy path

onBalanceChange causes previously unclaimed rewards to be cleared

If a user sets their curve token symbol as the default one plus the next token counter instance it will render the whole default naming functionality obsolete

Looping over unbounded `pendingStakes` array can lead to permanent DoS and frozen funds

Wrong Implementation of `LiquidationPool::empty` excludes holder with pending stakes when decreasing a position, resulting in exclusion from asset distribution

Removal of approved token from token manager can lead to unintended liquidation of vaults

Once EntropyRateBps is set too high, can lead to denial-of-service (DoS) due to an invalid ETH amount

Since art pieces' size is not limited, attacker may block AuctionHouse from creating and settling auctions

MaxHeap.sol: Already extracted tokenId may be extracted again.

It may be possible to DoS AuctionHouse by specifying malicious creators

No slippage protection for Market functions

Update in strategy will cause wrong issuance of shares

Adversary can block `claimAuction()` due to push-strategy to transfer assets to multiple bidders

`emergencyPause` does not check the state before running && can cause loss of funds for users

Invariant violation (funds could remain in the vault and a depositor could benefit from it)

Emergency Closed Vault Can Be Paused Then Resume

Consider erasing cache after completing deposit/withdraw/rebalance/compound operations

Collateral could be transferred to an address, which is not `SAFEHandler` managed by the `SAFEManager`

Updating `SafeManager` address in the `Vault721` will disable NFV minting

`ODSafeManager#allowSAFE()` cannot be executed either by the proxy contract or any other address.

Cached `DOMAIN_SEPARATOR` is incorrect for tranche tokens potentially breaking permit integrations

Malicious lender could DoS repay functionallity and always default loans.

Borrower has no choice whether to roll a loan. Lender could propose extreamly large interest rate, which will benefit the lender.

The same signature can be used in different `distribution` implementation causing that the caller who owns the signature, can distribute on unauthorized implementations

The `digest` calculation in `deployProxyAndDistributeBySignature` does not follow EIP-712 specification

Potential DOS due to Gas Exhaustion Due to Large Array Iteration in `_distribute` Function

Insufficient validation leads to locking up prize tokens forever

Tokens with less than 18 decimals allow for draining of funds

Using forged/fake lending pools to steal any loan opening for auction

Missing Events Emitting

Uncheck Arithmetic where overflow/underflow impossible

Chainlink oracle will return the wrong price if the aggregator hits `minAnswer`

All of the USD pair price feeds doesn't have 8 decimals

Improving the burnDsc() to allow users to mitigate their liquidation's impact

Zero address check for tokens

`++i`/`i++` should be `unchecked{++i}`/`unchecked{i++}` when it is not possible for them to overflow, as is the case when used in `for`- and `while`-loops

No amountCollateral > balance check