Protocol fees can be withdrawn multiple times in `Erc20Quest`

Possible scenario for Signature Replay Attack

When `rewardToken` is erc1155/erc777,an attacker can reenter and cause funds to be stuck in the contract forever

Users may not claim Erc1155 rewards when the Quest has ended

If debt token has a blacklist (like USDC / tether / ...), then repay() does not work for borrower

Not checking return value for ERC20 transferFrom and transfer

Missing check for decollateralized > 0 in Cooler.repay

Loss of user funds when completing CASH redemptions

minDepositAmount is unnecessarily high, can price out many users

Attacker can gain control of counterfactual wallet

DoS of user operations and loss of user transaction fee due to insufficient gas value submission by malicious bundler

[Medium-3] Non-compliance with EIP-4337

griefing / blocking / delaying users to withdraw

Manager can get around min reserves check, draining all funds from Collateral.sol

Frontrunning for unallowed minting of Short and Long tokens

Use of `payable.transfer()` Might Render ETH Impossible to Withdraw

GiantMevAndFeesPool.previewAccumulatedETH function: "accumulated" variable is not updated correctly in for loop leading to result that is too low

Hacked owner or malicious owner can immediately steal all assets on the platform

Public to all funds escape