Reentrancy vulnerability in Vesting contract on `claim`

Missing `payable fallback` or `receive` method to Vesting Contract

The same signature can be used in different `distribution` implementation causing that the caller who owns the signature, can distribute on unauthorized implementations

Blacklisted STADIUM_ADDRESS address cause fund stuck in the contract forever

Lack of checking the existence of the Proxy contract

Spot dex cant handle fee-on-transfer tokens

Missing deadline checks in token `swap` function

Removing more gauge weight than it should be while transfering ````ERC20Gauges```` token

Risk of silent overflow in reserves update

PrivatePool owner can steal all ERC20 and NFT from user via arbitrary execution

The `royaltyRecipient` could not be prepare to receive ether, making the `sell` to fail

`changeFeeQuote` will fail for low decimal ERC20 tokens

Buyer on secondary NFT market can lose fund if they buy a NFT that is already used to claim the reward

When `rewardToken` is erc1155/erc777,an attacker can reenter and cause funds to be stuck in the contract forever

Use `safeTransfer()`/`safeTransferFrom()` instead of `transfer()`/`transferFrom()`

Must approve 0 first

`safeTransferMany()` doesn't actually use safe transfer

`_handleDeposit` and `_handleWithdraw` do not account for tokens with decimals higher than 18

Time delay for `isoUSDToken` is set to 3 seconds instead of 3 days

Use `safeTransfer()`/`safeTransferFrom()` instead of `transfer()`/`transferFrom()` for ERC20 transfers.

Use `safeTransfer()`/`safeTransferFrom()` instead of `transfer()`/`transferFrom()` for ERC20

Reentrancy issue on `withdrawToken` function

Incorrect accounting in SyndicateRewardsProcessor results in any LP token holder being able to steal other LP tokens holder's ETH from the fees and MEV vault.

withdrawETH() in GiantPoolBase don't call _distributeETHRewardsToUserForToken() or _onWithdraw() which would make users to lose their remaining rewards

Possibly reentrancy attacks in `_distributeETHRewardsToUserForToken` function

StandardPolicyERC1155.sol returns amount == 1 instead of amount == order.amount

Protocol can be easily rug-pulled by the owner

Yul `call` return value not checked

Use safeTransfer()/safeTransferFrom() instead of transfer()/transferFrom() for ERC20

`call()` should be used instead of `transfer()` on an address payable

StandardPolicyERC1155.sol returns amount == 1 instead of amount == order.amount

Protocol can be easily rug-pulled by the owner

Yul `call` return value not checked

removeValidator() and removeMinter() may fail due to exceeding gas limit

not able to create claim

Griefing attack on the Vaults is possible, withdrawing the winning side stakes

Different Oracle issues can return outdated prices

Use can get unlimited votes

Proposals can be bricked and Auctions stalled by bad settings

No cap on fees can result in a DOS in BathToken.withdraw()

The check for value transfer success is made after the return statement in _withdrawFromYieldPool of LidoVault