Theft of collateral tokens with fewer than 18 decimals

Chainlink oracle will return the wrong price if the aggregator hits `minAnswer`

Anyone can burn **DecentralizedStableCoin** tokens with `burnFrom` function

Double-spending vulnerability leads to a disruption of the DSC token

Double checks

`DSCEngine` should deploy its own `DecentralizedStableCoin`

User can not deposit ETH in LMPVault via router without being at loss

Incorrect Handling of Rewards During Asset Withdrawal from Destinations

perWalletLimit for feeSink may lead to DOS

Lack of access control in `mintRebalancer()` and `burnRebalancer()`

`getOwnValuation` calculation may overflow

No slippage protection in `UniV3SwapInput()` can lead to sandwich attacks.

`getPriceUSD()` has no check for round completeness and stale prices from Oracle

Use of deprecated chainlink function - `latestAnswer()`

Missing access control mechanism for `setCollateralEscrowBeacon` function

ERC1155 callback can cause critical griefing attack

Incorrect updation of critical mapping - ownerToRollOverQueueIndex

Rollover users are being minted previous epoch amounts instead of entitled share amount.

No check for zero TVL of either vault in triggerEndEpoch() leading to permanent freezing of funds

changeTreasury() function will always update vault's treasury address to factory's treasury address