not adding `claimable` balance to the total assets in `_harvestAndReport` can cause losses.

Old router retains token allowance after update

Anyone can call the fallbackFunction because of missing authorization control

Protocol not fully compliant with `EIP-7579`

`Nexus.validateUserOp()` violates the EIP-4337 specification

High Risk Denial-of-Service (DoS) Vulnerability in ERC1155 Token Minting Process.

Value of kerosene can be manipulated to force liquidate users

Incorrect deployment / missing contract will break functionality

```LibWstethEthOracle::getWstethEthPrice``` returns wrong ```wstETH/ETH``` price in some conditions impacting system operations

The functions about ```permit``` won't work and always revert

[M-01] The burn function will break the claim function

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime