All tokens can be stolen from `VirtualAccount` due to missing access modifier

Reentrancy in `USDO.flashLoan()`, enabling an attacker to borrow unlimited USDO exceeding the max borrow limit

Liquidated USDO from BigBang not being burned after liquidation inflates USDO supply and can threaten peg permanently

`totalCollateralShare` state variable not updated in `Singularity` market upon liquidation, resulting in an error on `addCollateral` with skim functionality

Incorrect `eligibleAmount` for `AirdropBroker` Phase 3

Incorrect accounting for yieldBoxShares in SGLLiquidation results in wrongly read values

In case of Loss to the Yearn Vault, the Contract will stop working until the loss is repaid

all deposit and withdraw function in Convex and Curve nativeLP Strategy, apply slippage on internal pricing; which call real-time on chain price from Curve directly and subject to MEV

[HB09] `emergencyWithdraw` on all strategy contracts useless without a pause mechanism