transferReserveToAuction() will always revert due to getting wrong auction address

Current fee claiming model allows users to force protocol to collect less fee than expected

UniswapImplementation::setFee() will not work.

Protocol will treat unsupported assets, which were previously supported, as legit assets in health check and liquidation

Users will have to pay more than max payment amount when exercising ve (or lp) in some certain cases

Malicious users could extend other users' locks with dust lp, freezing fund withdrawals

Malicious users could grief other users by creating dust locks in vote escrow

Wfcash deposit might give incorrect amount of shares (wfcash) in some cases.

BunniSupply::getProtocolOwnedLiquidityReserves() returns incorrect amount of reserves

BunniPrice::getBunniTokenPrice() returns incorrect price

BalancerPoolTokenPrice::getStablePoolTokenPrice()'s approach might be wrong

balancerPool.totalSupply() might not give correct results for newer weighted pools

BunniPrice::_getBunniReserves() does not add uncollected fee into total value calculation

SingleSidedLPVault 's minting shares mechanism might make vaults broken

amount is not converted into correct decimal before allocating in depositAndAllocateForAccount()

Malicious lenders could force borrowers to give up their collateral by adjusting interest rate in Cooler contract

Malicious users could empty teller quote/payout tokens by repeatedly reclaim expired option token

Wrong pending locked balance subtraction when partyB opens a partially filled position

Function depositAndAllocateForPartyB does not correctly convert deposit amount into 18 decimals, leading to allocating only a fraction of it

Users can be forced to claim assets at bad rate in some cases

Lacking protection of mintRebalancer and burnRebalancer could give users control over ussd price

Miscalculation for amount of collateral to sell

Attackers can steal token from users who call erc20 approve to DepositStableCoinToDealer contract

Fee-on-transfer tokens will make collaterals stuck in escrow contracts.

Attackers can disable vault deposits for all users