Functions in superPool do not check if the pool is paused

`redeem` and `withdraw` do not include slippage protection

`SuperPool` is ERC-4626 compliant, but the `maxWithdraw` & `maxRedeem` functions are not fully up to EIP-4626's specification

No incentive to liquidate small position can lead to bad debts

Claimable gauge distributions are locked when `pauseGauge `is called

A user can be made to pay more/less payment tokens than intended when `exerciseLp` is called

First liquidity provider of a stable pair can DOS the pool.

Users can get less amount of tokens while instant redeeming due to lack of slippage checks

incorrect price for negative ticks due to lack of rounding down

`updateIRMParams` does not call `applyInterestForToken` before updating `irmParams` which leads to incorrect calculation of interest rate for subsequent trades.

Liquidity manipulation is possible when trading

Vaults can become immune from liquidation by setting `vault.recipient` to a blacklisted quote token address

Chainlink's `latestRoundData` might return stale or incorrect results

`PendleConnector` incorrectly sends the redeemed `PT` tokens to the market instead of the

`executeWithdraw` may be blocked if any of the users are blacklisted from the `baseToken`

Numerous errors when calculating the TVL for the MorphoBlue connector

In Dolomite, when opening a borrow position, the holding position in the Registry will never be updated due to the removePosition flag being set to true

LP tokens from Boosted Positions are not included in the TVL calculation of a position held by the MaverickConnector

Withdrawals in AccountManager are prone to DOS attacks.

The total deposit amount limit in `AccountingManager.sol` can be bypassed

Missing calls to `_updateTokenInRegistry` leads to incorrect state of tokens in registry

Incorrect modifier condition

`AccountingManager` contract's `previewDeposit`, `previewMint`, `previewWithdraw`, and `previewRedeem` functions are not compliant with EIP-4626 standard

Extra rewards are not updated in curve connector when harvestConvexRewards is called

Camelot and Aerodrome Connector TVL susceptible to manipulation attack

Using the same heartbeat for multiple price feeds

Wrong calculation of ema in `ZivoeMaths.sol` will lead to wrong updates of the Weighted Moving average of Tranche Size.

Highest bidder can cancel his bid and close the auction to win the auction.

`EMPAM.sol::_settle()` `settlement_.totalIn` will silently overflow

DoS and gas griefing of calls to Prime.updateScores()

Lack of checking the existence of the Proxy contract

Sandwich attack to steal all ERC-20 tokens in the Fees contract

Use better name in sellProfits function