Malicious users can drain funds

Malicious users can steal funds from contracts

Order performers can drain funds from contracts

Malicious users can steal other users' funds via approval.

Cancel order can be dos in OracleLess

Missing lastEventTime update in liquidate()

Incorrect liqIndex in sendForLiquidation function

Option expiry time does not work

odosAssembledData can be manipulated

Borrowers can earn more profit via manipulating the strikePrice

downsideProtected does not work for borrowers

Abond holders can lose their liquidation gain

Missing totalAvailableLiquidationAmount update when cds owner withdraw.

Lack of access control for function updateDownsideProtected()

USDT token can be drain via manipulating the usdt/usda price

cds owners can withdraw more than expected via manipulating excessProfitCumulativeValue

Lack of lastEthPrice sync between different chains

Missing usdaCollectedFromCdsWithdraw update in withdrawUserWhoNotOptedForLiq

Incorrect usdaToTransfer calculation when cds owners withdraw

Incorrect deducted cds deposit amount in withdrawUser

Liquidated position by liquidation type 2 can be withdrawn

Some liquidated collateral will be locked

Possible failure to sync global data

Borrowers can manipulate volatility to pay less option fees

Borrowers will get more normalizedAmount than expected.

Lack of Ether refund to users

Borrowers can pay less borrow interest because of `lastEventTime` early update in _withdraw

Liquidation may be reverted when LTV is high

Missing lastEthprice update in depositTokens

Incorrect totalVolumeOfBorrowersAmountinWei update in withdraw()

Lack of transfer Ether from the treasury to borrowLiquidation

Non-functional wrapper in BorrowLiquidation

Incorrect margin calculation in liquidationType2

Incorrect short position sizeDelta calculation

sUSD will be locked in the borrowLiquidation

One part of protocol profit will be locked in the treasury

cds owners may fail to withdraw

Lack of access control for executeSetterFunction function.

Missing cds deposit amount in swapCollateralForUSDT

Auction can not work well with TaxTokensReceipt because of TaxTokensReceipt's transfer limitation

BuyOrder can not work well with TaxTokensReceipt

wantedToken NFT will be locked in buyOrder

Incentivized token may be locked in the DebitaIncentive contract

Lenders or borrowers may lose their expected bribe rewards

Lend offer can be deleted multiple times

Lend offer can be deleted multiple times

Borrowers need to pay more interest than expected because of precision loss

Lenders may lose some interest when borrowers extend their loan.

Borrowers may fail to extend their loan in some cases.

Incorrect feeOfMaxDeadline calculation in extendLoan

Borrowers may fail to extend loans because of the incorrect minFEE

Lenders or borrowers may fail to claim collateral after the auction is finished

buyOrder can be deleted twice

Lack of update rewards in removeOriginalAllocation

Incorrect withdraw fee calculation in withdraw

Compromised address can still invite users and do some key operations

Improper liquidity calculation in V3AMO's _addLiquidity()

Improper price check can cause _unfarmBuyBurn dos

Not compatible getReward with Aerodrome

Improper calculation order cause the serious precision loss

Approval operation will be reverted if usd token is USDT in Ethereum

Lack of delete `_listings[_collection][_tokenId]` in reserve

Incorrect index return in _createCheckpoint

Users may lose their ERC721 token if they unlockProtectedListing token with _withdraw = false

users can sandwich rewards because of unused donateThresholdMax

The initial liquidity provider will lose their position

Incorrect compound factor calculation

Missing update `_isLiquidation` in relist

The liquidation list owner may receive some tax refund

Borrowers can avoid paying borrowing interest via adjustPosition

Users' voting token in CollectionShutdown will be locked when we cancel this shutdown flow

Refund does not work in initializeCollection

Fail to start one shut down flow if the collection was shut down before.

Traders may decrease their trading loss via mint/burn

Penalized funding received token will be locked in the contract