Fuzz to verify mint/redeem behavior without withdraw fee

[DanielVF]

We are strongly considering removing the redeem fee from OETH, moving to the only asset being WETH, and removing all oracles.

In the past, the redeem fee has provided an extra layer of protection on the protocol because any looping of minting -> doing stuff-> redeeming incurs the redeem fee cost. This erases any small profits from any calculation errors, and makes attacks requiring huge amounts of impractical unless they clear a profit threshold that gets higher the more funds are used.

We want to ensure that removing redeem fees do not result in anything that's exploitable for more than just a minimal rounding error.

There's at least two categories of attacks to consider:

• Attacks that steal principal by minting / doing some stuff / redeeming.
• Attacks that steal yield by minting before a rebase, then rebasing the protocol, then redeeming.

Maybe there's some kind of attack that works by redeeming first, then doing stuff, then minting? Maybe there's something with donations?