Buffer Silently Locks Staked HYPE in Contract Without Using Them For Withdrawals Or Providing A Way To Be Pulled Out Or Moved To L1

Processing all withdrawals before all deposits can cause some deposit to not be delegated in `processL1Operations`

Incorrect Balance Check in Validator Redelegation Process May Block Legitimate Rebalancing Operations

Cross-Chain Signature Replay Attack Due to User-Supplied `domainSeparator` and Missing Deadline Check

Lack of deadline check in forwarded request

Underflow when updating credit delegation will result protocol DoS

Unclaimed Rewards Loss Due to Missing Validation in `VaultRouterBranch.stake()`

Incorrect weight assignment in Vault::updateVaultAndCreditDelegationWeight leads to overleveraging vault positions and insolvency

Slippage Higher than Expected in `CurveAdapter.executeSwapExactInput()` and `FeeDistributionBranch._performMultiDexSwap()` Multi-Hop Swaps

Decimal Precision Mismatch Causing Incorrect Swap Reverts in `StabilityBranch.initiateSwap()`

CurveAdapter uses non-existent exchange_with_best_rate() method, breaking fee conversion on Arbitrum.

LamboFactory can be permanently DoS-ed due to createPair call reversal

Minting zero tokens when underlyingToken is not Ether in cashIn()

Calculation for `directionMask` is incorrect

Since the cost of launching a new pool is minimal, an attacker can maliciously consume VirtualTokens.

`LamboRebalanceOnUniswap::_getTokenInOut` formula used to compute rebalancing amount is wrong for a UniV3 pool

`sellQuote` and `buyQuote` are missing deadline check in `LamboVEthRouter`

Lenders can escape the blacklisting of their accounts because they can move their MarketTokens to different accounts and gain the WithdrawOnly Role on any account they want

Blocked accounts keep earning interest contrary to the WhitePaper

AccessControlHooks onQueueWithdrawal() does not check if market is hooked which could lead to unexpected errors such as temporary DoS

Role providers cannot be EOAs as stated in the documentation.

Inconsistency across multiple repaying functions causing lender to pay extra fees.

`FixedTermLoanHooks` allow Borrower to update Annual Interest before end of the "Fixed Term Period"

`Flashlender.sol#flashLoan()` should use `mintProfit()` to mint fees. The current implemetation may lead to locked up WETH in PoolV3.

Because of the Asset:Share 1:1 Conversion, if Vault Incur a Loss, the Last User to Withdraw Will Take The Entire Loss

DOS attack to SwapAction.transferAndSwap() when using an ERC20 permit transferFrom.

Malicious actor can abuse the minimum shares check in `StakingLPEth` and cause DoS or locked funds for the last user that withdraws

`PendleLPOracle::_fetchAndValidate` uses Chainlink's deprecated `answeredInRound`

Inadequate Checking of `isIncreasing` when trader adjusts position size

Trading accounts can exceed the maximum number of allowed open positions.

Users won't liquidate positions because the logic used to calculate the liquidator's profit is incorrect

Fragmentation fee is not taken if user compensates with newly created position

Users can not to buy/sell minimum credit allowed due to exactAmountIn condition

`TSender.huff` and `TSender_NoCheck.huff` contracts will transfer funds to wrong addresses when called with specific calldata.

Soil issuance is computed incorrectly if `twaDeltaB` is negative while `instDeltaB` is positive.

Design flaw and mismanagement in vault licensing leads to double counting in collateral ratios and positions collateralized entirely with kerosine

Users can get their Kerosene stuck until TVL becomes greater than Dyad's supply

Unable to withdraw Kerosene from `vaultmanagerv2::withdraw` as it expects a `vault.oracle()` method which is missing in Kerosene vaults

Attacker Can Frontruns User's Withdrawals To Make Them Reverts Without Costs

Value of kerosene can be manipulated to force liquidate users

setUnboundedKerosineVault not called during deployment, causing reverts when querying for Kerosene value after adding it as a Kerosene vault

No incentive to liquidate when CR <= 1 as asset received < dyad burned

If a redemption has N disputable shorts, it is possible to dispute N-1 times the redemption to maximize the penalty

Using cached price to create a proposal reduce the efficacity of redemptions for asset peg

oracleCircuitBreaker: Not checking if price information of asset is stale

`TwabLib::getTwabBetween` can return innacurate balances if `_startTime` and `_endTime` aren't safely bounded

The winner can steal claimer fees, and force him to pay for the gas

User can evade `liquidation` by depositing the minimum of tokens and gain time to not be liquidated

Attacker Can Inflate LP Position Value To Create a Bad Debt Loan

SALT staker can get extra voting power by simply unstaking their xSALT

Rewards can be drained because of lack of access control

No incentive to liquidate small positions could result in protocol going underwater

Divergence in the pricing method for collateral within the `calculateMinimumAmountOut()` may result in vaults transitioning into an uncollateralized state after executing swaps.

Wrong Implementation of `LiquidationPool::empty` excludes holder with pending stakes when decreasing a position, resulting in exclusion from asset distribution

Attacker can force reduce `minAmountOut` from vault swaps, making they vulnerable to being sandwiched.

Anyone with TST tokens can monitor the mempool and frontrun mint/burn functions to get EUROs rewards without even staking.

The userGaugeProfitIndex is not set correctly, allowing an attacker to receive rewards without waiting

Users staking via the `SurplusGuildMinter` can be immediately slashed when staking into a gauge that had previously incurred a loss

Anyone can prolong the time for the rewards to get distributed

Malicious borrower can decrease Guild holders reward

Lenders can escape the blacklisting of their accounts because they can move their MarketTokens to different accounts and gain the WithdrawOnly Role on any account they want

Blocked accounts keep earning interest contrary to the WhitePaper

AccessControlHooks onQueueWithdrawal() does not check if market is hooked which could lead to unexpected errors such as temporary DoS

Role providers cannot be EOAs as stated in the documentation.

Inconsistency across multiple repaying functions causing lender to pay extra fees.

`FixedTermLoanHooks` allow Borrower to update Annual Interest before end of the "Fixed Term Period"

Owner can incorrectly pull funds from contests not yet expired

DoS of full liquidations are possible by frontrunning the liquidators

High - Funds can be lost if any participant is blacklisted

`TwabLib::getTwabBetween` can return innacurate balances if `_startTime` and `_endTime` aren't safely bounded

The winner can steal claimer fees, and force him to pay for the gas