Malicious/Compromised organiser can reclaw all funds, stealing work from supporters

Centralization Risk for trusted organizers

DAI Tokens at Risk Due to Lack of address(0) Check in distribute

[H-04] Lender#buyLoan - Malicious user could take over a loan for free without having a pool because of wrong access control

Using forged/fake lending pools to steal any loan opening for auction

Fee on transfer tokens will cause users to lose funds

Single-step process for critical ownership transfer is risky

Uncheck Arithmetic where overflow/underflow impossible

Use if + custom errors instead of using require + string

Unbounded loop in Lender.sol functions may revert.

Lender.sol: The error being `PoolConfig` in most cases is completely a downside of protocol as users can't know the reasons to why their transaction failed

Repeated code

Use unchecked for collateral

staleCheckLatestRoundData() does not check the status of the Arbitrum sequencer in Chainlink feeds.

Too many DSC tokens can get minted for fee-on-transfer tokens.

Zero address check for tokens

using x=x+y /x=x-y is more gas efficient than x+=y / x-=y

`++i`/`i++` should be `unchecked{++i}`/`unchecked{i++}` when it is not possible for them to overflow, as is the case when used in `for`- and `while`-loops

The nonReentrant modifier should occur before all other modifiers

collateral and debt to cover not validated

The `nonReentrant` `modifier` should occur before all other modifiers