`SuperDCACashback.sol` does not work as intended on BNB chain for USDC due to 18 decimals in USDC on BNB chain.

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

Subtraction in `variance()` will revert due to underflow

`WellUpgradeable` can be upgraded by anyone

Missing Return Statement in `_getReserves` Function in `MagicLpAggregator` Contract

Freezed Chain will never be unfreeze since `StateTransitionManager::unfreezeChain` is calling `freezeDiamond` instead of `unfreezeDiamond`.

`drawManager` CAN BE SET TO A MALICIOUS ADDRESS

Unchecked return value bug on `TransferHelper::_safeTransferFrom()`

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

Burner role can not be revoked

Due to no access control on `DistributionV2::_authorizeUpgrade()` anyone can change the implementation contract and can destroy the main Proxy contract.

Any User can mint any amount of WStETH in the WStETHMock.sol and StETHMock.sol

8 lows for mocks

Anyone can update the address of the Router in the DcntEth contract to any address they would like to set.

Remove Liquidity has missing reserve1 DUST check, which can make reserve1 to be less than DUST

Unauthorized Access to setCurves Function

Protocol and referral fee would be permanently stuck in the Curves contract when selling a token

Malicious/Compromised organiser can reclaw all funds, stealing work from supporters

Centralization Risk for trusted organizers

During refinance() new Pool balance debt is subtracted twice

[H-04] Lender#buyLoan - Malicious user could take over a loan for free without having a pool because of wrong access control

Stealing any loan opening for auction through others' lending pool

Attacker can steal a loan's collateral and break the protocol

A pool lender can fully drain another user's pool by abusing `buyLoan`

Multiple accesses of a mapping/array should use a local variable cache.

CEI pattern not followed in multiple functions in Staking.sol

Use assembly to check for `address(0)`

Use nested `if` statements instead of logical AND (`&&`)

`drawManager` CAN BE SET TO A MALICIOUS ADDRESS

`WellUpgradeable` can be upgraded by anyone