Liquidations are impossible for some Curve pools

Vault cannot be deployed properly for newer Curve pools

Pools will be broken if tokens have different decimal amounts

Attackers may steal loan tokens from pool depositors

Attackers can force surge to never update the collateralization ratio

Attackers may skip the collateral ratio recovery duration to inflate collateralization ratios and steal funds

Attackers may steal reward tokens due to incorrect withdrawal accounting.

Bounties can be rendered nonfunctional by depositing and refunding an NFT.

Claims on Atomic Bounties can be forced to revert by depositing malicious ERC20s.

It is impossible to reduce the quantity of a bounty's payout tiers

Protocol fees can be withdrawn multiple times in `Erc20Quest`

Bad implementation in minter access control for `RabbitHoleReceipt` and `RabbitHoleTickets` contracts

Users may not claim Erc1155 rewards when the Quest has ended

Crafted p2p spam can render nodes permanently unable to process L2 blocks

Protocol may ignore failed transfers

Loans may be rolled over to infinity

`toggleRoll()` may be frontran