In `Borrowing::depositTokens`, `strikePrice` is introduced by the user but it should be calculated based on `strikePercent` to avoid manipulation

`Borrowing::redeemYields` debits `ABOND` from `msg.sender` but redeems to `user` using `ABOND.State` data from `user`

Downside protection never ends, so renewing options is useless and `CDS` depositors are unfairly rewarded.

Liquidation type 2 does not update the deposit as liquidated

`usdaPrice` and `usdtPrice` are parameters used to calculate redeemable amount of `USDT` that allow anyone to drain the vault

Race condition when updating `GlobalVariables` data across chains

`LiquidationType.TWO` incorrectly updates `liquidationInfo` as empty in `CDS` of the other chain in an index that was already used

Liquidation type 1 incorrectly refunds to `user` instead of `msg.sender` allowing `user` to DoS liquidations of his positions

`ABONDToken::transferFrom` does not work as intended and allows theft of ETH funds from `Treasury`

`usdaGainedFromLiquidation` is not increased in the liquidation flow leading to stuck funds

In `Borrowing::depositTokens`, `ethVolatility` is introduced by user and hasn't sanity checks leading to incorrect option fees pricing

`noOfBorrowers` in `Treasury` can be manipulated affecting cumulative rate calculation and DOSing exit of users from the system

ETH sent to cover Layer Zero execution fees is not refunded

Liquidation type 2 will always revert because never gets from `Treasury` the `amount` of `ETH` needed to deposit in `synthetix`

Looping over unbounded `omniChainCDSLiqIndexToInfo` can lead to permanent DoS and frozen funds

Lack of access control in `MultiSig::executeSetterFunction` allows DoS of setter functions in `Borrowing` and `CDS`

Reentrant call in `Treasury::withdrawFromExternalProtocol` during the `Borrowing::redeemYields` flow allows theft of `Treasury` ETH

Rewards `rate` calculation leads to under-allocation and funds stuck

Liquidation does not prioritize lowest LTV tokens

Fixed fees calculation rounds down allowing borrowers take debt with zero cost

V3Utils.execute() does not have caller validation, leading to stolen NFT positions from users

`V3Vault.sol` permit signature does not check receiving token address is USDC

`JalaPair::_update` reverts due to underflow

`permit` function not implemented on `JalaPair`

THE USER WHO WITHDRAWS LIQUIDITY FROM A PARTICULAR POOL IS ABLE TO CLAIM MORE REWARDS THAN HE DULY DESERVES BY CAREFULLY SELECTING A `decreaseShareAmount` VALUE SUCH THAT THE `virtualRewardsToRemove` IS ROUNDED DOWN TO ZERO