BondOracleAdapter will cause massive loss of funds for a large number of bond tokens

Pool fee collection methodology will incorrect penalize depositors

Pool#transferReserveToAuction is completely broken

Leverage user can avoid paying fees to bond holders by withdrawing before auction ends

Malicious user can sandwich Pool#startAuction with flashloan to completely drain pool

BondOracleAdapter#getPool methodology can be abused to cause oracle to reference low liquidity pool

Precision loss in leverage redeemRate calculation will cause loss to leverage tokens

Auction date will drift irreversibly forward over time leading to loss of yield for bond holders

Rounding loss in Auction#slotSize allows malicious user to force auction to be undersold

Payments from failed auctions can be claimed leading to indefinite DOS on other legitimate claims

Incorrect dp scaling for marketRate will cause lose to other users if bond market price is low

Blacklisted bidders can force auction to pay them a very high price

BalancerRouter is implemented incorrectly and will cause loss of funds when depositing to predeposits

_calculateMaxBorrowCollateral calculates repay incorrectly and can lead to set token liquidation

`AccountV1#flashActionByCreditor` can be used to drain assets from account without withdrawing

`LendingPool#flashAction` is broken when trying to refinance position across `LendingPools` due to improper access control

Arbitrary call in Funding#_withdraw can be used to drain all contract balances

Funding#requestWithdraw uses incorrect withdraw address

FundRateArbitrage is vulnerable to inflation attacks

Balancer LP valuation methodologies use the incorrect supply metric

Token#updateFounders fails to properly clear tokenRecipient mapping causing improper token distribution

Adversary can permanently brick auctions due to precision error in Auction#_computeTotalRewards

MerkleReserveMinter minting methodology is incompatible with current governance structure and can lead to migrated DAOs being hijacked immediately

Tokens that are both bribes and StakeDao gauge rewards will cause loss of funds

cvgControlTower and veCVG lock timing will be different and lead to yield loss scenarios

SdtRewardReceiver#_withdrawRewards has incorrect slippage protection and withdraws can be sandwiched

Adversary can reenter takeOverDebt() during liquidation to steal vault funds

Creditor can maliciously burn UniV3 position to permanently lock funds

Slippage controls inside _restoreLiqudity are ineffective allowing repay() calls to be sandwiched and all profits stolen

Adversary can overwrite function selector in _patchAmountAndCall due to inline assembly lack of overflow protection

Blacklisted creditor can block all repayment besides emergency closure

Protocol is incompatible with ZkSync Era due to differences in address deviation

PoolOracle utilizes vulnerable OZ 4.3.1 UUPS implementation

Router.sol is vulnerable to address collission

CurveTricryptoOracle#getPrice contains math error that causes LP to be priced completely wrong

CVX/AURA distribution calculation is incorrect and will lead to loss of rewards at the end of each cliff

Stable BPT valuation is incorrect and can be exploited to cause protocol insolvency

CurveTricryptoOracle incorrectly assumes that WETH is always the last token in the pool which leads to bad LP pricing

AuraSpell#closePositionFarm exits pool with single token and without any slippage protection

AuraSpell#closePositionFarm will take reward fees on underlying tokens when borrow token is also a reward

Adversary can abuse hanging approvals left by PSwapLib.swap to bypass reward fees

ConvexSpell is completely broken for any curve LP that utilizes native ETH

Issue #47 from Update #1 is still present in ConvexSpell

WAuraPools doesn't correctly account for AuraStash causing all deposits to be permanently lost

Mainnet oracles are incompatible with wstETH causing many popular yields strategies to be broken

No check for sequencer uptime can lead to dutch auctions executing at bad prices

Full inventory asset purchases can be DOS'd via frontrunning

Exponential and logarithmic price adapters will return incorrect pricing when moving from higher dp token to lower dp token

BoundedStepwiseExponentialPriceAdapter#getPrice uses incorrect order of operation when calculating priceChange

Target raises can be highly damaging for dutch auctions with multiple components

Manger has no way to disable target raises after enabling them

Malicious user can permanently break VUSD#processWithdrawals by returning huge amounts of data

Failed withdrawals from VUSD#processWithdrawals will be lost forever

Rogue validators can manipulate funding rates and profit unfairly from liquidations

Malicious user can grief withdrawing users via VUSD reentrancy

Malicious users can donate/leave dust amounts of collateral in contract during auctions to buy other collateral at very low prices

MarginAccountHelper will be bricked if registry.marginAccount or insuranceFund ever change

Funding settlement will be DOS'd for a time after the phaseID change of an underlying chainlink aggregator

D3VaultFunding#checkBadDebtAfterAccrue is inaccurate and can lead to further damage to both LP's and MM

D3UserQuote#getUserQuote queries incorrect token for exchangeRate leading to inaccurate quota calculations

Protocol is completely incompatible with USDT due to lack of 0 approval

ArrakisV2Router#addLiquidityPermit2 will strand ETH

ChainLinkOraclePivot uses the same heartbeat for both feeds which leads to stale price data

supplyNativeToken will strand ETH in contract if called after ACTION_DEFER_LIQUIDITY_CHECK

PriceOracle.sol will return the wrong price for asset if underlying aggregator hits minAnswer

PriceOracle#getPriceFromChainlink may return stale data

PriceOracle#getPriceFromChainlink fails to check Arbitrum/Optimism Sequencer uptime

eMode implementation is completely broken

_calculateMaxBorrowCollateral calculates repay incorrectly and can lead to set token liquidation

AaveLeverageStrategyExtension and underlying AaveV3 oracles may diverge

Relying solely on oracle base slippage parameters can cause significant loss due to sandwich attacks

AuraSpell#openPositionFarm fails to return all rewards to user

ShortLongSpell#openPosition uses the wrong balanceOf when determining how much collateral to put

BalancerPairOracle will return highly incorrect price if one token isn't 18 dp

ShortLongSpell#openPosition attempts to burn wrong token

Updating the feeManger on config will cause desync between bank and vaults

Escrow approvals are not cleared when club is transferred allowing for abuse after transfer

Malicious users can honeypot other users by transferring out ERC20 and ERC721 tokens right before sale

Users can bypass Player royalties on EIP2981 compatible markets by selling clubs as a whole

Merkle leaf values for _clubDivsMerkleRoot are 64 bytes before hashing which can lead to merkle tree collisions

AuraSpell#openPositionFarm uses incorrect join type for balancer

Users are forced to swap all reward tokens with no slippage protection

ConvexSpell#closePositionFarm removes liquidity without any slippage protection

ShortLongSpell#_withdraw checks slippage limit but never applies it making it useless

WAuraPools will irreversibly break if reward tokens are added to pool after deposit

UserData for balancer pool exits is malformed and will permanently trap users

IchiSpell applies slippage to sqrtPrice which is wrong and leads to unpredictable slippage

Balance check for swapToken in ShortLongSpell#_deposit is incorrect and will result in nonfunctional contract

ShortLongSpell#openPosition can cause user unexpected liquidation when increasing position size

Pending CRV rewards are not accounted for and can cause unfair liquidations

BlueBerryBank#getPositionValue causes DOS if reward token is added that doens't have an oracle

Issue 290 from previous contest has not been fully addressed by fixes

Issue 94 from previous contest has not been fixed

AuraSpell#closePositionFarm requires users to swap all reward tokens through same router

rewardTokens removed from WAuraPool/WConvexPools will be lost forever

All allowances to DepositStableCoinToDealer and GeneralRepay can be stolen due to unsafe call

JUSDBank users can bypass individual collateral borrow limits

FlashLoanLiquidate#JOJOFlashLoan doesn't allow user to specify any slippage conditions

chainlinkAdaptor uses the same heartbeat for both feeds which is highly dangerous

GeneralRepay#repayJUSD returns excess USDC to `to` address rather than msg.sender

CollateralManager#commitCollateral can be called on an active loan

CollateralManager#commitCollateral can be called by anyone

CollateralManager#commitCollateral overwrites collateralInfo._amount if called with an existing collateral

CollateralManager#setCollateralEscrowBeacon lacks access control allowing anyone to set the beacon implementation and steal all escrowed funds

Malicious user can abuse UpdateCommitment to create commitments for other users

LenderCommitmentForwarder#updateCommitment can be front-run by malicious borrower to cause lender to over-commit funds

Staking, unstaking and rebalanceToWeight can be sandwiched (Mainly rETH deposit )

Reth.sol: Withdrawals are unreliable and depend on excess RocketDepositPool balance which can brick the whole protocol

Reth `poolPrice` calculation may overflow

Non-ideal rETH/WETH pool used pays unnecessary fees

Adversary can sandwich oracle updates to exploit vault

minTokenAmounts_ is useless in new configuration and doesn't provide any real slippage protection

Adversary can stake LP directly for the vault then withdraw to break lp accounting in BLVaultManagerLido

Users can abuse discrepancies between oracle and true asset price to mint more OHM than needed and profit from it

stETH/ETH chainlink oracle has too long of heartbeat and deviation threshold which can cause loss of funds

minOfferCost can be bypassed in certain scenarios

Adversary can utilize a large number of their own loans to cheat other lenders out of interest

useLoan doesn't allow liqudator to specifiy maximum price

Multiple functions aren't payable so quotes that require protocol fees won't work correctly

Multiple functions may leave excess funds in the contract that should be returned

Periphery#_swapPTsForTarget won't work correctly if PT is mature but redeem is restricted

fillQuote uses transfer instead of call which can break with future updates to gas costs

Carousel#enlistInRollover incorrectly updates ownerToRollOverQueueIndex for existing positions

Adversary can break deposit queue and cause loss of funds

VaultFactoryV2#changeTreasury misconfigures the vault

Null epochs will freeze rollovers

Emissions sent to vault with null epoch will be lost forever

Underflow of `lpPosition.points` during withdrawLP causes huge reward minting

TauMath#_computeCR breaks vault compatibility with tokens that don't have 18 decimals

createProposal snapshot block can temporarily desync with minApproval / minVotingPower

Precision differences when calculating userCollateralRatioMantissa causes major issues for some token pairs

First depositor can abuse exchange rate to steal funds from later depositors

Fee share calculation is incorrect

Operator can cause fee shares to be minted to address(0)

transferFrom uses allowance even if spender == from

Adversary can economically exploit wstETHLiquidityVault

User can drain entire reward balance due to accounting issue in _claimInternalRewards and _claimExternalRewards

Removed reward tokens will no longer be claimable and will cause loss of funds to users who haven't claimed

Internal reward tokens can and likely will over commit rewards

Adding an internal reward token that begins accrual at a future time will DOS the entire vault

Reward tokens can never be added again once they are removed without breaking rewards completely

rescueToken doesn't update rewardToken.lastBalance for external reward tokens

amount_claimable_per_share accounting is broken and will result in vault insolvency

Current method for distributing rewards has serious accounting errors

Vault#migrate isn't able to do anything because it lacks any kind of approvals to migrator

Adversary can DOS seller premium payments by creating a large number of tiny protections

User can double insure their LP token to game insurance in the event of a default

User can game protection via renewal to get free insurance

The renewal grace period gives users insurance for no premium

Protection sellers can easily game withdrawal requests to collect risk free yield

Users can share/borrow sTokens to bypass minimum deposit time

Liquidation logic is incorrect when user has debt to more than one bank

WIchiFarm#burn sends too few IchiV2 tokens to users

IchiLpOracle is extemely easy to manipulate due to how IchiVault calculates underlying token balances

IchiVaultSpell#openPositionFarm can cause Ichi to be harvested but doesn't send it to the user

BlueBerryBank#withdrawLend will cause underlying token accounting error if soft/hard vault has withdraw fee

IchiVaultSpell#closePosition will leave LP tokens in the contract if amountLpWithdraw != 0

WIchiFarm will break after second deposit of LP

ChainlinkAdapterOracle will return the wrong price for asset if underlying aggregator hits minAnswer

User has no slippage protection if they choose to not to repay the debt tokens obtained from the swap in IchiVaultSpell

ChainlinkAdapterOracle use BTC/USD chainlink oracle to price WBTC which is problematic if WBTC depegs

Adversary can break bounty payouts by adding malicious ERC20 token to bounty

Adversary can brick refunds by making a large number of small deposits

Adversary can break any bounty they wish by depositing an NFT then refunding it

Adversary can permanently break reward distribution for percentage tier bounties by funding bounty then refunding after competition closes

Adversary can permanently break percentage tier bounties by funding certain ERC20 tokens then refunding

Tier winner can steal excess funds from tiered percentage bounty if any deposits are expired

Adversary can brick bounty payouts by calling fundBountyToken but funding it with an ERC721 token instead

Adversary can lock every deposit forever by making a deposit with _expiration = type(uint256).max

Refunding logic with multiple deposits is first mover take all

TieredFixedBountyV1#setPayoutScheduleFixed is intended to be able to resize to fewer tiers but can't

Adversary can break NFT distribution by depositing up to max then refunding all of them

Adversary can block NFT distribution on tiered bounties by assigning the NFTs to unused tiers

Faulty Escrow config will lock up reward tokens in Staking contract

Fully repaying a loan will result in debt payment being lost

Lender can purposefully get themselves blacklisted on debt token to force borrower default

Use safeTransfer and safeTransferFrom for ERC20 tokens

Loans can be rolled an unlimited number of times which could result in longer loans than expected

Adversary can abuse a quirk of compound redemption to manipulate the underlying exchange rate and maliciously disable cToken collaterals

SmartAccount.sol is intended to be upgradable but inherits from contracts that contain storage and no gaps

PerpDepository#getPositionValue uses incorrect value for TWAP interval allowing more than intended funds to be extracted

USDC deposited to PerpDepository.sol are irretrievable and effectively causes UDX to become undercollateralized

PerpDepository has no way to withdraw profits depriving stakers of profits owed

RageTrade senior vault USDC deposits are subject to utilization caps which can lock deposits for long periods of time leading to UXD instability

Malicious user can use an excessively large _toAddress in OFTCore#sendFrom to break layerZero communication

PerpDespository#reblance and rebalanceLite can be called to drain funds from anyone who has approved PerpDepository

PerpDepository#_placePerpOrder miscalculates fees paid when shorting

Price disparities between spot and perpetual pricing can heavily destabilize UXD

PerpDepository#_rebalanceNegativePnlWithSwap will not work because it never approves spotSwapper to transfer baseAsset

PerpDepository#_rebalanceNegativePnlWithSwap fails to approve vault for quote deposit

PaprController.buyAndReduceDebt: msg.sender can lose paper by paying the debt twice

`PaprController` pays swap fee in `buyAndReduceDebt`, not user

First depositor can break minting of shares

Users can bypass the `maxWinPercent` limit using a partially closing

User can abuse tight stop losses and high leverage to make risk free trades

Bypass the delay security check to win risk free funds

Trading will not work on ethereum if USDT is used

_checkDelay will not work properly for Arbitrum or Optimism due to block.number

Chainlink price feed is not sufficiently validated and can return stale price

`saleReceiver` and `feeReceiver` can steal refunds after sale has ended

ETH will get stuck if all NFTs do not get sold.

An attacker can make users unable to cancel their L1 calls on Ethereum To Arbitrum

Anyone can steal CryptoPunk during the deposit flow to WPunkGateway

Adversary can force user to pay large gas fees by transfering them collateral

During oracle outages or feeder outages/disagreement, the `ParaSpaceFallbackOracle` is not used

Rewards are not accounted for properly in NTokenApeStaking contracts, limiting user's collateral.

CrabNetting can be DOS'd by partially dequeuing withdraws/deposits

User is unable to partially payback loan if they aren't able to post enough isoUSD to bring them back to minOpeningMargin

Swapping 100 tokens in DepositReceipt_ETH and DepositReciept_USDC breaks usage of WBTC LP and other high value tokens

Anyone can withdraw user's Velo Deposit NFT after approval is given to depositor

User can steal rewards from other users by withdrawing their Velo Deposit NFTs from other users' depositors

Outstanding loans cannot be closed or liquidated if collateral is paused

Users are unable close or add to their Lyra vault positions when price is stale or circuit breaker is tripped

Malicious user can DOS pool and avoid liquidation by creating secondary liquidity pool for Velodrome token pair

Users who deposit Lyra LP as collateral will lose OP vault rewards

Vault_Base_ERC20#_updateVirtualPrice calculates interest incorrectly if updated frequently

Bad debt may persist even after complete liquidation in Velo Vault due to truncation

All collateral in Velodrome vault will be permantly locked if either asset in liquidity pair stays outside of min/max price

The 'redeem' related functions are likely to be blocked

fee loss in AutoPxGmx and AutoPxGlp and reward loss in AutoPxGlp by calling PirexRewards.claim(pxGmx/pxGpl, AutoPx*) directly which transfers rewards to AutoPx* pool without compound logic get executed and fee calculation logic and pxGmx wouldn't be exe

Assets may be lost when calling unprotected `AutoPxGlp::compound` function

Deposit Feature Of The Vault Will Break If Update To A New Platform

PirexGmx.initiateMigration can be blocked

Design of BufferBinaryPool allows LPs to game option expiry

When private keeper mode is off users can queue orders with the wrong asset

resolveQueuedTrades is intended to be non atomic but invalid signature can still cause entire transaction to revert

Bull can repeatedly match an order by transfering their position to address(0)

Fake order can be used to burn tokens from contract via BvbProtocol::reclaimContract

Staking#setBaseVotes and setMonsterMulitiplier are dangerous and will likely cause huge damage to voting

Staking#_unstake removes votes from wrong person if msg.sender != owner

Delegate can keep can keep delegatee trapped indefinitely

Adversary can abuse delegating to lower quorum

castVote can be called by anyone even those without votes

Governance#queue increments the wrong counter when proposal is passed

Staking#changeStakeTime and changeStakeAmount are problematic given current staking design

Users can avoid paying any fees when using ERC20EnabledLooksRareAggregator for Seaport

call opcode's return value not checked.

Incompatibility with fee-on-transfer/inflationary/deflationary/rebasing tokens, on both base tokens and quote tokens, with varying impacts

Lender can trade claimToken in a malicious way to steal the borrower's money via claimAndRepay() in SpigotedLine by using malicious zeroExTradeData

Adversary can brick AutoRoller by creating another AutoRoller on the same adapter

AutoRoller#eject can be used to steal all the yield from vault's YTs

Hardcoded divider address in RollerUtils is incorrect and will brick autoroller

RollerPeriphery#approve is public allowing anyone to approve themselves tokens

Creating a pool for USDC requires a very large amount of seed capital to be burned

DnGmxJuniorVaultManager#_rebalanceBorrow logic is flawed and could result in vault liquidation

DnGmxJuniorVaultManager#_totalAssets current implementation doesn't properly maximize or minimize

Early depositors to DnGmxSeniorVault can manipulate exchange rates to steal funds from later depositors

WithdrawPeriphery uses incorrect value for MAX_BPS which will allow much higher slippage than intended

WithdrawPeriphery#_convertToToken slippage control is broken for any token other than USDC

DnGmxJuniorVaultManager#harvestFees can push junior vault borrowedUSDC above borrow cap and DOS vault

Pledges that contain delisted tokens can be extended to continue using delisted reward tokens

WardenPledge accidentally inherits Ownable instead of Owner which removes an important safeguard without sponsor knowledge

Fees charged from entire theoretical pledge amount instead of actual pledge amount

Owner can transfer all ERC20 reward token out using function recoverERC20

Lender#lend for APWine doesn't validate that pool is swapping same underlying as market underlying

Lender#lend for Sense has mismatched decimals

Redeemer#redeem for Sense slippage check is not adequete due to token decimal mismatch

Redeemer#redeem for Sense can never redeem because it never approves cTokens to be transferred by Converter

Lender allows users to mint PT backed by PT which artificially inflates the supply of PT and damages the exchange rate for all users

Freezing roles in ERC721NFTProduct and ERC1155NFTProduct is moot

Failed job can't be recovered. NFT may be lost.

An attacker can lock operator out of the pod by setting gas limit that's higher than the block gas limit of dest chain

PA1D#bidSharesForToken returns incorrect bidShares.creator.value

Minting and redeeming will break for fully minted tiers with reserveRate != 0 and reserveRate/MaxReserveRate tokens burned

Redemption weight of tiered NFTs miscalculates, making users redeem incorrect amounts - Bug #1

Adversary can steal contract fees when topup token is USDC by spoofing _bridgeType and _bridgeTxData

Flashloan fee collection mechanism can be easily manipulated

StandardPolicyERC1155.sol returns amount == 1 instead of amount == order.amount

First depositor can manipulate the exchange rate to steal funds from later depositors

Adding an incompatible plugin will brick the entire contract

AuctionInternal#_previewWithdraw can cease to function if user has multiple partially filled/unfilled orders

Users can avoid performance fees by withdrawing before the end of the epoch forcing other users to pay their fees

Malicious users can provide liquidity on behalf of others to keep others in the liquidity cooldown

Flashloan users can be forced to pay higher fees than expected

AlgebraPool#swapSupportingFeeOnInputTokens loses exact output functionality

frxETHMinter.depositEther may run out of gas, leading to lost ETH

Loss of vested amounts

Wrong balanceOf user after minting legendary gobbler

Incorrect handling of pricefeed.decimals()

Users who deposit in one vault can lose all deposits and receive nothing when counterparty vault has no deposits

Risk users are required to payout if the price of the pegged asset goes higher than underlying

Vault.sol is not EIP-4626 compliant

StakingRewards.sol#stake is intended to be pausable but isn't

Fees are taken on risk collateral

ArbitraryCallsProposal.sol and ListOnOpenseaProposal.sol safeguards can be bypassed by cancelling in-progress proposal allowing the majority to steal NFT

Attacker can DOS private party by donating ETH then calling buy

TradingUtils#_executeTrade contains logical error that can cause loss of funds if trade.buyToken is ETH or WETH

StrategyUtils#_executeDynamicTradeExactIn returns incorrect amountBought if buyToken is wstETH and tradeUnwrapped is true

Settlement slippage is not implemented correctly which may lead to some vaults being impossible to settle

TradingUtils#_approve is problematic for tokens like USDT that requires allowance to be zero before calling approve

Deployments.sol uses the wrong address for UNIV2 router which causes all Uniswap V2 calls to fail

UniV2Adapter#getExecutionData doesn't properly handle native ETH swaps

TwoTokenPoolMixin allows secondary token to have decimals >18 due to incorrect require statement

Multiple vote checkpoints per block will lead to incorrect vote accounting

The quorum votes calculations don't take into account burned tokens

Index out of bounds error when properties length is more than attributes length breaks minting

ERC4626Oracle.sol returns incorrect price if ERC4626.decimals != ERC4626.asset.decimals

UniV2LPOracle.sol incorrectly values LP when either token in a pair does not have 18 decimals

CTokenOracle.sol#getCErc20Price contains critical math error

Chainlink's latestRoundData may return stale or incorrect results

Delisted assets can still be deposited and borrowed against by accounts that already have them

RBS may redeploy funds automatically if price stays above or below wall for longer than _config.regenWait

Cushion bond markets are opened at wall price rather than current price

Penalty rate is used for pre-maturity date as well

FraxlendPair.sol is not fully EIP-4626 compliant

User may get all of the creator fees by specifying high number for himself

Possible to bypass saleConfig.limitPerAccount

MIMOManagedRebalance.sol#rebalance calculates managerFee incorrectly

Vault rebalancing can be exploited if two vaults rebalance into the same vault

Builder can halve the interest paid to a community owner due to arithmetic rounding

Untyped data signing

Builders must pay more interest when the system is paused.

Missing upper limit definition in replaceLenderFee() of HomeFi.sol

Project.sol and Community.sol have no way to revoke a hash in approvedHashes

removeWrapping can be called when there are still wrapped tokens

Someone can create non-liquidatable auction if the collateral asset fails on transferring to address(0)

Interface definition error

Loss of funds in an underlying protocol would cause catostrophic loss of funds for swivel

wrapETH2LD permissioning is over-extended

Failed proposal can be committed again

Users can lose fractions to precision loss during migraction if _newFractionSupply is set very low

Any fractions deposited into any proposal can be stolen at any time until it is commited

Fund will be stuck if a buyout is started while there are pending migration proposals

Division rounding can make fraction-price lower than intended (down to zero)

Migration::withdrawContribution falsely assumes that user should get exactly his original contribution back

Malicious User Could Burn The Assets After A Successful Migration

```migrateFractions``` may be called more than once by the same user which may lead to loss of tokens for other users

An attacker can DoS vault's buyout with as little as 1 wei per 4 days

Migration.join() and Migration.leave() can still work after unsucessful migration.

ORACLE DATA FEED CAN BE OUTDATED YET USED ANYWAYS WHICH WILL IMPACT ON PAYMENT LOGIC

Use a safe transfer helper library for ERC20 transfers

Discounted fee calculation is imprecise and calculates less fees than anticipated

addFeedFor should check if inverse feed already exists

processFees() may fail due to exceed gas limit

Fee is being deducted when Put is expired and not when it is exercised.

Oracle periodSize is very low allowing the TWAP price to be easily manipulated

User can initiate withdraw for previous epoch if rebase hasn't been called since end of epoch

Withdrawals initiated after cycle withdrawal request won't be withdrawn in the correct cycle

Rebases can be frontrun with very little token downtime even when warmUpPeriod > 0

Users of Migration.sol may forfeit rebase rewards

Redeemer.redeem() for Element withdraws PT to wrong address.

The lend function for tempus uses the wrong return value of depositAndFix

[H-05] Not minting iPTs for lenders in several lend functions

Pendle Uses Wrong Return Value For `swapExactTokensForTokens()`

Swivel lend method doesn't pull protocol fee from user

sellPrincipalToken, buyPrincipalToken, sellUnderlying, buyUnderlying uses pool funds but pays msg.sender

Marketplace calls unimplemented function

`_harvest` has no slippage protection when swapping `auraBAL` for `AURA`

Stealing Wrapped Manifest in WETH.sol

Anyone can set the `baseRatePerYear` after the `updateFrequency` has passed

Transferring any amount of the underlying token to the CNote contract will make the contract functions unusable

In Cnote.sol, anyone can initially become both accountant and admin

Malicious relayer could exploit sponsor vaults

fCash of the wrong maturity and asset can be sent to wrapper address before wrapper is deployed

`Minter.sol#startInflation()` can be bypassed

Fees from delisted pool still in reward handler will become stuck after delisting

VE3DRewardPool.sol is incompatible with Bal/veBal

temporary DOS by calling notifyRewardAmount() in Bribe/Gauge with malicious tokens

Malicious user can populate `rewards` array with tokens of their interest reaching limits of `MAX_REWARD_TOKENS`

Bribe.sol is not meant to handle fee-on-transfer tokens

Attacker Could Steal Almost All The Bonus Token In BathBuddy Vesting Wallet

Missing checks allow strategists to steal all fund via `tailOff`

The check for value transfer success is made after the return statement in _withdrawFromYieldPool of LidoVault

Title: Yield can be unfairly divided because of MEV/Just-in-time stablecoin deposits

CrvDepositorWrapper.sol relies on oracle that isn't frequently updated

Owner can modify the feeRate on existing vaults and steal the strike value on exercise

Vault is Not Compatible with Fee Tokens and Vaults with Such Tokens Could Be Exploited

TransmuterBuffer.sol calls depositUnderlying with no slippage bounds

SpeedBumpPriceGate: Excess ether did not return to the user

amount requires to be updated to contract balance increase (1)

DoS: Attacker may significantly increase the cost of `withdrawExcessRewards()` by creating a significant number of excess receipts

Position owner should set allowed slippage

ERC20Gauges: The _incrementGaugeWeight function does not check the gauge parameter enough, so the user may lose rewards.