Brief audit of `manager.ride` @ `feture/v2`

[deemru]

• [ ] HIGH: whitelist have a full access to over deposits because there is no accounting by caller only by _assetId https://github.com/Tsunami-Exchange/tsunami-contracts/blob/afbcd60e6e61ce81fe46d19877cbd7e5d0499b75/contracts/ride/manager.ride#L42-L46 https://github.com/Tsunami-Exchange/tsunami-contracts/blob/afbcd60e6e61ce81fe46d19877cbd7e5d0499b75/contracts/ride/manager.ride#L106 https://github.com/Tsunami-Exchange/tsunami-contracts/blob/afbcd60e6e61ce81fe46d19877cbd7e5d0499b75/contracts/ride/manager.ride#L136
• [ ] HIGH: mess with _assetId if it is multi management then you cant use these https://github.com/Tsunami-Exchange/tsunami-contracts/blob/afbcd60e6e61ce81fe46d19877cbd7e5d0499b75/contracts/ride/manager.ride#L122 https://github.com/Tsunami-Exchange/tsunami-contracts/blob/afbcd60e6e61ce81fe46d19877cbd7e5d0499b75/contracts/ride/manager.ride#L145 https://github.com/Tsunami-Exchange/tsunami-contracts/blob/afbcd60e6e61ce81fe46d19877cbd7e5d0499b75/contracts/ride/manager.ride#L182 if it is single _assetId why we have addTokenVault() and _assetId in all interface functions
• [ ] LOW: no payments count == 1 check https://github.com/Tsunami-Exchange/tsunami-contracts/blob/afbcd60e6e61ce81fe46d19877cbd7e5d0499b75/contracts/ride/manager.ride#L119