Anyone can DOS handleReallocation over and over

Invalid token amount calculations leads to DoS in `Launch::updateParticipation(...)`

The calculation of `totalAssets()` could be wrong if `operatorFeeAmount` > 0, this can cause potential loss for the new depositors

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

[M-3] Anyone can deploy a new `FraxSwapPair` with a Low fee incurring losses to the protocol

Invalid `period` used in `Pool::transferReserveToAuction(...)` function leads to DoS of the `Auction` contract

Plaza token creation can be gamed when collateral level is <= 1.2

Base mainnet ChainLink oracle is incompatible with `wstETH` causing issues for fetching the reserve token price

Blacklisted `USDC` user could DoS the `Auction` contract

Stuck funds in `BalancerRouter` when user exceeds `PreDeposit` deposit cap

`BondEth` holders could end up claiming other users' `couponTokens`

Precission loss in the Pool contract

Users can claim more that their actual allotment

Rounding error in stepDuration calculations.

Weak randonmness in `AutomationMaster::generateOrderId(...)` could lead to `orderId` clashes

Missing maximum limit for the `pendingOrderIds` array in the `OracleLess` contract could lead to DoS

Minting zero tokens when underlyingToken is not Ether in cashIn()

Invalid vest unlock flow rate calculations in `FluidLocker::_vestUnlock(...)` leads to recepients paying much higher tax rates than intended

Malicious actor can front-run any `VVVVCTokenDistributor::claim(...)` transaction and get all of the user funds

Archived/Deleted author could archive his/her review

Funds can be locked indefinitely in the GammaRewarder contract

Invalid token address used in `ChakraSettlementHandler::cross_chain_erc20_settlement(...)` leading to invalid transaction creation and event emission

A cross-chain message can be initiated with invalid parameters

Wrong usage of transaction originator address instead of caller address

Owner of a cancelled Sablier stream will be elegible for a full amount reward claim, due to a revert in `FjordStaking::onStreamCanceled(...)`

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

Taker of bid offer will loss assets without any benefit if he calls the DeliveryPlace::settleAskMaker() for partial settlement.

Native token withdrawal fails until manually approved

`DeliveryPlace::settleAskTaker` Has Incorrect Access Control

Malicious user can drain protocol by bypassing `ASK` offer abortion validation in `Turbo` mode

The `DeliveryPlace::settleAskTaker()` function mistakenly uses `makerInfo.tokenAddress` to update the `TokenBalanceType.PointToken` in the `userTokenBalanceMap` mapping, leading to a critical error.

[H-4] The function `PreMarkets::listOffer` charges an incorrect collateral amount, allowing users to manipulating collateral rates and drain the protocol's funds

Taker of bid offer will loss assets without any benefit if he calls the DeliveryPlace::settleAskMaker() for partial settlement.

`DeliveryPlace::settleAskTaker` Has Incorrect Access Control

Formulaic Error Rounds Down Causing Total Loss Of Funds For Bid Takers During Abort

The `DeliveryPlace::settleAskTaker()` function mistakenly uses `makerInfo.tokenAddress` to update the `TokenBalanceType.PointToken` in the `userTokenBalanceMap` mapping, leading to a critical error.

Missing abort status check allows bid taker to steal users funds

`listOffer` Unsafely References Fungible Identifiers

`mintToken()`, `mintWithBudget()`, and `forge()` in the `TraitForgeNft` Contract Will Fail Due to a Wrong Modifier Used in `EntropyGenerator.initializeAlphaIndices()`

The maximum number of generations is infinite

Users' ability to nuke will be DoSed for three days after putting NFTs up for sale and cancelling the sale

Forger Entities can forge more times than intended

Duplicate NFT generation via repeated forging with the same parent

`Golden God` Tokens can be minted twice per generation

Number of entities in generation can surpass the 10k number

Wrong minting logic based on total token count across generations

Forger Entities can forge more times than intended

Duplicate NFT generation via repeated forging with the same parent

Imprecise token age calculation results in an incorrect nuke factor, causing users to claim the wrong amount

[H-01] Miscalculation in `_farmPlots` function could lead to a user unable to unstake all NFTs

Single plot can be occupied by multiple renters

Failure to Update Dirty Flag in transferToUnoccupiedPlot Prevents Reward Accumulation On Valid Plot

Invalid validation in _farmPlots function allowing a malicious user repeated farming without locked funds

Not upadting `_totalAuctionTokenAllocation` when removing last auction config at cooldown leads to wrong accounting of `_totalAuctionTokenAllocation` and permanent lock of auction tokens

Transfer of ILOPool NFT token to different account allows for users to bypass the pool's `maxCapPerUser` invariant

Corruptible Upgradability Pattern

Chainlink's `latestRoundData` might return stale or incorrect results