Users won't liquidate positions because the logic used to calculate the liquidator's profit is incorrect

Fragmentation fee is not taken if user compensates with newly created position

Users can not to buy/sell minimum credit allowed due to exactAmountIn condition

Multicall does not work as intended

LiquidateWithReplacement does not charge swap fees on the borrower

Pyth Oracle Latency Protection is not applied to Makers Vaults

When borrowers repay USDS, it is sent to the wrong address, allowing anyone to burn Protocol Owned Liquidity and build bad debt for USDS

User can evade `liquidation` by depositing the minimum of tokens and gain time to not be liquidated

First depositor can break staking-rewards accounting

Persistent Contract Call revert prevents finalizing a ballot

When forming POL the DAO will end up stucked with DAI and USDS tokens that cannot handle.

Some rewards from POL will not be send to team wallet nor burned

No proposal time limit traps sponsors of unpopular proposals

DOS of proposals by abusing ballot names without important parameters

SALT staker can get extra voting power by simply unstaking their xSALT

Remove Liquidity has missing reserve1 DUST check, which can make reserve1 to be less than DUST

Impossible to change managed wallets with `proposeWallets` after first rejection

If there is only one USDS borrower, he can never be liquidated

When calling LeverageMacroBase.doOperation to open a CDP, the POST CALL CHECK may use the wrong cdpId

Redemptions are inconsistent with other cdp's operations

Collateral can be locked in BigBang contract when `debtStartPoint` is nonzero

Incorrect formula used in function `Market.computeClosingFactor()`

Incorrect liquidation reward computation causes excess liquidator rewards to be given

Liquidated USDO from BigBang not being burned after liquidation inflates USDO supply and can threaten peg permanently

Ability to steal user funds and increase collateral share infinitely in BigBang and Singularity

twTAP.claimAndSendRewards() will claim the wrong amount for each reward token due to the use of wrong index.

Attacker can prevent rewards from being issued to gauges for a given epoch in TapiocaOptionBroker

The BigBang contract take more fees than it should

`totalCollateralShare` state variable not updated in `Singularity` market upon liquidation, resulting in an error on `addCollateral` with skim functionality

BigBang Contract: The repay function can be DoSed

SGLLendingCommon.sol: The totalBorrowCap validation is incorrect

There is a vulnerability in the executeFlashloan function of the PeUSDMainnet contract. Hackers can use this vulnerability to burn other people's eUSD token balance without permission

The relation between the safe collateral ratio and the bad collateral ratio for the PeUSD vaults is not enforced correctly

Understatement of `poolTotalPeUSDCirculation` amounts due to incorrect accounting after function `_repay` is called

Incorrect Reward Distribution Calculation in `ProtocolRewardsPool`

Fixed reward percentage for liquidators in the eUSD vault may cause a liquidation crisis

`stakerewardV2pool.withdraw()` should check the user's boost lock status.

Exploiter can avoid negative Lido rebases stealing funds from EUSD vaults

Then getAmountsForDelta function at Underlying.sol is implemented incorrectly

The L1ECOBridge can be attacked to drain funds

Protocol uses wrong address across its contracts

getPriceUSD() function at the StableOracleDAI.sol returns an incorrect value

USSD Contract Uniswap Trades don't have slippage protection

USSD can be minted and burned freely.

Wrong computation of the amountToSellUnit variable

Oracles don't consume chainlink price feeds safely

USSD contract lacks slippage protection for minters

USSD contract lacks a function that allows to redeem USSD for DAI

Inconsistency handling of DAI as collateral in the BuyUSSDSellCollateral function

Delegation rewards are not counted toward granting fund

Governance attack on Extraordinary Proposals

Delegate rewards system is unfair to delegates with less tokens and reduces decentralization

Buyers of Footium Clubs on secondary markets can get rekt

Not using safeERC20 operations might cause users losing funds on the FootiumPrizeDistributor contract

Minting inconsistencies on FootiumPlayer and FootiumClub

Lack of royalty info for FootiumClub nfts

Malicious royalty recipient can steal excess eth from buy orders

Loss of funds for traders due to accounting error in royalty calculations

Flash loan fee is incorrect in Private Pool contract

EthRouter can't perform multiple changes

Staking, unstaking and rebalanceToWeight can be sandwiched (Mainly rETH deposit )

Reth.sol: Withdrawals are unreliable and depend on excess RocketDepositPool balance which can brick the whole protocol

Users can avoid paying any type of fee when depositing

The depositQueue can get DoSed

The rolloverQueue can get DoSed due to an incorrect state update

Incorrect chainlink price staleness check could prevent a depeg trigger

Lack of a null epoch check on the triggerEndEpoch function could cause a loss of funds

Rewards will be locked in LQTYStaking Contract

If the strategy incurs a loss the Active Pool will stop working until the shortfall is paid out entirely

Staking rewards can be drained

Incorrect Reward Duration After Change in Reward Speed in MultiRewardStaking

Modifier VaultController._verifyCreatorOrOwner does not work as intented

Vault creator can't change feeRecipient after deployment

`MultiRewardStaking.changeRewardSpeed()` breaks the distribution

`LPDA` price can underflow the price due to bad settings and potentially brick the contract

Editions should be checked if they are actually deployed from the legitimate Escher721Factory

selfdestruct() will not be available after EIP-4758

Sale contracts can be bricked if any other minter mints a token with an id that overlaps the sale

Calling `repay` function sends less DOLA to `Market` contract when `forceReplenish` function is not called while it could be called

StandardPolicyERC1155.sol returns amount == 1 instead of amount == order.amount