Whitelised accounts can be forcefully DoSed from buying curveTokens during the presale

Unauthorized Access to setCurves Function

Protocol and referral fee would be permanently stuck in the Curves contract when selling a token

onBalanceChange causes previously unclaimed rewards to be cleared

If a user sets their curve token symbol as the default one plus the next token counter instance it will render the whole default naming functionality obsolete

Unchecked transfer failure leads to possible accounting error in `FootiumPrizeDistributor.claimERC20Prize` and locked tokens

Missing access control on `commitCollateral` allows any malicious user to transfer the borrower many tokens and commit them as collateral to DoS a bid's acceptance

Borrower can front-run lenderAcceptBid to modify collateral amounts or IDs

A malicious market owner who is also a lender can manipulate fees to accept a bid where the borrower does not receive any principal

Market owners can setBidExpirationTime to a value that will not allow any bid to be accepted

DOS of market operations with malicious offers

Calling `ExpiringMarket.stop` and `ExpiringMarket.isClosed` functions cannot pause any functionlities of the market

potential stake() DoS if sole safETH holder (ie: first depositor) unstakes totalSupply - 1

No slippage protection on `stake()` in SafEth.sol