Low Risk
[L-01] - hardcoded Uniswap pool fee of 3000 can tamper with user slippage, allow the user to specify what fee tier market he wants to perform swaps on. [L-02] - use deterministic address creation (CREATE2) to protect against re-orgs [L-03] - Rebasing tokens probably would not be accepted, but PAXG is a fee-on-transfer token and any transfers involving it can tamper with accounting like user rewards, consider using before and after token balances. [L-04] - The vault manager contract's initializer is empty, thus the initial values do not get set [L-05] - Weird erc20s like block-lists, two-address, high or low decimals, would face issues, beware of tokens used.