Tokens waiting in `_rewardsSwapAmountInOverride` to be re-tried is not re-tried before `setShares` in `TokenRewards.sol`

Lack of slippage protection in `sellVotes` causes loss of user funds

Reentrancy Vulnerability Allows Bypass of Cooldown, Leading to Unfair Reward Extraction Through Flash Loan

Exposed `_removeCredIdPerAddress` & `_addCredIdPerAddress` allows anyone to cause issues to current holders as well as upcoming ones

`shareBalance` bloating eventually blocks curator rewards distribution

Signature replay in `createArt` allows to impersonate artist and steal royalties

`PhiFactory:claim` Potentially Causing Loss of Funds If `mintFee` Changed Beforehand

Attacker can DOS user from selling shares of a credId

Lack of data validation when users are claiming their art allows malicious user to bypass signature/merkle hash to provide unapproved `ref_`, `artId_` and `imageURI`

`vestTokens` bug in MultiFeeDistribution.sol causes new incentives to erase previous incentives

bug in `claim` allows users who are disqualified to claim their previously earned emissions

Rewards may be spread out among the **wrong time period** due to the way the protocol calculates it

`lastRPS` could be set to `0` accidentally

Users of a vault can steal other user's rewards when one vault's `lastRewardTime` differs from another vault's `lastRewardTime`

Multicall does not work as intended