`approveRedeemRequest()` takes the fee out of the redeemed yUSD, thus the user will not receive less collateral due to this

In `rewardPerToken()` a big rounding loss vector is uncovered

Dilution of rewards given that an attacker sends 1 wei every block

We would not be able to restake the LP tokens (symmio/usdc) if their total is less than the unlocked amount

`_getPoolFee()` gives you a zero fee for Arbitrum and passes it as a Uni V3 fee, giving it the impossibility of making the dex_adapter do the swap

synth scaling variable is subject to rounding twice when <`cf_critical`

Order is not deleted from the mapping

Creation of order ids is flawed

updateDownsideProtected() has no access control mechanism

`calculateCumulativeRate()` is called in liquidate, but updating `lastEventTime` is nowhere to be seen

Interest rate accrued from liquidation of debt can't be withdrawn

Repaying the loan and withdrawing collateral doesn't check the validity of the option

`withdrawUserWhoNotOptedForLiq()` retains part of the accrued usdA reward, but it can't be claimed

Resetting `lastEventTime` before calling `calculateCumulativeRate()` is problematic

Not updating `lastEthprice` in `borrowing::depositTokens()` leads to a stale eth price

`executeSetterFunction()` lacks any type of access control

Malicious actor can DoS the whole lending functionality resulting in all lending offers being stucked

`changePerpetual()` may underflow `activeOrdersCount`

Compromised addresses should be prevented from interacting with any functions that are available to addresses that have no compromised flag on them.

Re-registering an account doesn't reset it

_getReserveRatioScalar() will give a lesser value than expected

Tokens are stuck when CollectionShutdown.sol#cancel() is invoked

User can pay almost no interest if he first pays most of the debt through ProtectedListings.sol#adjustPosition()