Malicious actors can front-run setYieldConvEnabled

The protocol gets fee more than expected

Users pay fee just when remaining pTkn is greater than zero

`AutoCompoundingPodLp::_totalAssets` is stale in some cases and users get more share than real amount

`Auction::endAuction` will be reveretd because of `Pool::transferReserveToAuction`

`Auction::bid` can be reverted because of blocked addresses

Malicious actors can prevent auction to be succeed

There isn't data feed in term of USD for all assets mentioned in Readme

users can pass arbitrary strike price as parameter to Borrowing::depositTokens

Users can use signatures multiple time that has been generated by the admin in borrowing contract

malicious actors can drain treasury

There isn't any force for users to call `Borrowing::renewOptions`

BorrowLib::borrowerDebt will be computed based on stale cumulative rate

hasDeposited remain true when depositedAmountInETH is zero

Borrowing::liquidate will be reverted

synthetixPerpsV2.transferMargin will be reverted because of insufficient token amount

sUSDs will be stuck in Synthetix

multiSign::executeSetterFunction can be call by anyone

users can pass arbitrary volatility as parameter to Borrowing::depositTokens and change option fee in favor of themself

legitimate users cannot withdraw their assets from CDS contract

dust amounts will be removed in OFT tokens

users pay fee more than actual value in ReputationMarket::buyVotes

withdrawGraduatedMarketFunds will be reverted because of insufficient balance

lack of slippage control in sellVotes

users pay fee more than expected in EthosVouch::vouchByAddress

malicious user can steal other users' assets

NFTs will be locked in buyOrder contract

users cannot claim their incentives because of precision loss

malicious users can steal other users' incentives

malicious user can drain solana vault

Funding fee will be zero because of precision loss

LPs cannot specify min amount received in burn function, causing loss of fund for them

buidl tokens will be locked in RedemptionVaultWIthBUIDL

Admin cannot update some global vars based on specification

Admin cannot withdraw leftover assets in winnerableTicketManager contract

Admins can change raffle's winner in favor of themself

‌Bribe givers cannot sweep their residual assets

Voters cannot claim their rewards

If a user sets BribeRewarder for a specific pool all votes for that pool will be reverted

_accRewardsPerShare is computed wrongly if unlockOperator calls emergencyWithdraw

voters cannot disable max lock

exerciseVe and exerciseLp are vulnerable to MEV

Users can manipulate their balance without any cost

Stakers cannot redeem their funds

stakers loss their reward if they redeem their xToken

User can deposit more than collateral user capacity

lossFee always will be zero in process execution fee

Users loss their payed executionFee if the protocol calls autoReducePositions function

autoReducePositions function can has significant losses for the protocol

Malicious user can postpone ZVE stakers reward