Fathom Stablecoin | Oxorio Audit Web Report

C-01	CRITICAL	ACKNOWLEDGED	Possibility of misconfiguration in `FathomProxyWalletOwner`	`FathomProxyWalletOwner.sol`
C-02	CRITICAL	ACKNOWLEDGED	Configuration addresses are not updatable in `FathomProxyWalletOwner`	`FathomProxyWalletOwner.sol`
C-03	CRITICAL	ACKNOWLEDGED	Missing overflow checks in `PluginPriceOracle`	`PluginPriceOracle.sol`
M-01	MAJOR	ACKNOWLEDGED	Owner fails to receive native token transfer in `FathomProxyWalletOwner`	`FathomProxyWalletOwner.sol`
M-02	MAJOR	ACKNOWLEDGED	Missing `setOwner` function in `FathomProxyWalletOwner`, `FathomProxyWalletOwnerUpgradeable`	`FathomProxyWalletOwner.sol` `FathomProxyWalletOwnerUpgradeable.sol`
M-03	MAJOR	NO ISSUE	Add migration mechanism in `CollateralPoolConfig`	`CollateralPoolConfig.sol`
W-01	WARNING	ACKNOWLEDGED	Addresses are not validated in `FathomProxyWalletOwner`	`FathomProxyWalletOwner.sol`
W-02	WARNING	ACKNOWLEDGED	DDOS attack in `FathomProxyWalletOwnerUpgradeable`	`FathomProxyWalletOwnerUpgradeable.sol`
W-03	WARNING	FIXED	Disable initializers in upgradable contracts	`FathomProxyWalletOwnerUpgradeable.sol` `ProxyWalletRegistry.sol`
W-04	WARNING	ACKNOWLEDGED	Received amount of stablecoin is not validated in `FathomProxyWalletOwnerUpgradeable`	`FathomProxyWalletOwnerUpgradeable.sol`
W-05	WARNING	FIXED	Casting to types in unsafe way	`CollateralTokenAdapter.sol`
W-06	WARNING	FIXED	`feeRate` is not limited in `FlashMintModule`	`FlashMintModule.sol`
W-07	WARNING	FIXED	Redundant check for `totalStablecoinIssued` in multiple contracts	`PositionManager.sol` `FixedSpreadLiquidationStrategy.sol` `LiquidationEngine.sol` `PriceOracle.sol` `ShowStopper.sol`
W-08	WARNING	NO ISSUE	Validation of `_totalDebtCeiling` in `BookKeeper`	`BookKeeper.sol`
W-09	WARNING	NO ISSUE	Validation of `_debtFloor` in `CollateralPoolConfig`	`CollateralPoolConfig.sol`
W-10	WARNING	ACKNOWLEDGED	Lack of sanity check in `CollateralPoolConfig`	`CollateralPoolConfig.sol`
W-11	WARNING	FIXED	Outdated typing in `FixedSpreadLiquidationStrategy`	`FixedSpreadLiquidationStrategy.sol`
I-01	INFO	ACKNOWLEDGED	Use of outdated libraries	`FixedSpreadLiquidationStrategy.sol`
I-02	INFO	ACKNOWLEDGED	Gas consumption limitations for integrators in `FathomStablecoinProxyActions`	`FathomStablecoinProxyActions.sol`
I-03	INFO	FIXED	Unsafe usage of `abi.encodeWithSelector` in `SafeToken`	`SafeToken.sol`
I-04	INFO	ACKNOWLEDGED	Impossible to withdraw partial amount	`FathomProxyWalletOwner.sol`
I-05	INFO	ACKNOWLEDGED	Transfer amount validation in `FathomProxyWalletOwnerUpgradeable`	`FathomProxyWalletOwnerUpgradeable.sol`
I-06	INFO	ACKNOWLEDGED	Check is not performed prior to sending funds in `FathomProxyWalletOwner`	`FathomProxyWalletOwner.sol`
I-07	INFO	ACKNOWLEDGED	Validation is redundant in `FathomProxyWalletOwner`, `FathomProxyWalletOwnerUpgradeable`	`FathomProxyWalletOwner.sol` `FathomProxyWalletOwnerUpgradeable.sol`
I-08	INFO	FIXED	Typo in `PositionManager`	`PositionManager.sol`
I-09	INFO	FIXED	Redundant Imports	`PositionManager.sol` `CentralizedOraclePriceFeed.sol` `SlidingWindowDexOracle.sol` `FathomStablecoinProxyActions.sol` `CollateralTokenAdapter.sol` `AdminControls.sol` `ShowStopper.sol` `SystemDebtEngine.sol`
I-10	INFO	FIXED	Obsolete comments in `PositionManager`	`PositionManager.sol`
I-11	INFO	FIXED	`Address` imported instead of `AddressUpgradeable` in `BookKeeper`	`BookKeeper.sol`
I-12	INFO	FIXED	Typo in error message in `FixedSpreadLiquidationStrategy`	`FixedSpreadLiquidationStrategy.sol`
I-13	INFO	FIXED	Missing `require` check in `FlashMintModule`	`FlashMintModule.sol`
I-14	INFO	ACKNOWLEDGED	Typo in `FathomProxyWalletOwner`	`FathomProxyWalletOwner.sol`
I-15	INFO	FIXED	Typo in several contracts	`IDelayPriceFeed.sol` `CentralizedOraclePriceFeed.sol` `DelayFathomOraclePriceFeed.sol` `DelayPriceFeedBase.sol`

Please select finding