Unauthorized Reallocation in `NudgeCampaign::handleReallocation` and Reward Disruption Vulnerability in `NudgeCampaign::invalidateParticipations`

Approved tokens to BlueprintCore might get stolen since payWithERC20() is a public method

updateWorkerDeploymentConfigWithSig allows for signature replay so that older versions of updates might be set

Using the same heartbeat for multiple price feeds

Auctioneer.auction() function incorrectly updates lotRouting mapping with key always being lotId==0 which breaks the auction functionality entirely

There may be a situation where atomic auction seller might not get his prefunded amount back due to blockstuffing or traffic congestion

If pfBidder gets blacklisted the settlement process would be broken and every other bidders and the seller would lose their funds

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

Attacker can reenter to mint all the collection supply

takeOverDebt function assigns loans and adds keys to the previous borrowing key, not the new one

Incorrect calculations of borrowingCollateral leads to DoS for positions in the current tick range due to underflow

An allocator can allocate his votes indefinitely which breaks the purpose of quadratic voting

The protocol is incompatible with fee-on-transfer tokens

An allocator can game the fairness of vote calculations by providing batches of relatively small amount of votes for one recipient instead of voting in full with his vote credits

Increasing reserves breaks PrizePool accounting

`Vault.mintYieldFee` FUNCTION CAN BE CALLED BY ANYONE TO MINT `Vault Shares` TO ANY RECIPIENT ADDRESS

Internal vault's balance for debt token is not updated upon liquidation

Total borrow amount is not updated upon liquidation

Incorrectly updated balance in _poolRepayAll() function

getPrice() and getOriginalPrice() doesn't check whether arbitrum sequencer is down