Incorrect sender check in `transferReserveToAuction` will DoS succeeded auctions, leading to loss of funds

Fee logic is flawed

Excess tokens are not refunded when joining balancer pool using `EXACT_BPT_OUT` `JoinKind`

Pro-forma CL computation can be abused to game the system

An attacker can leverage pool selection logic in BondOracleAdapter's getPool to manipulate bond prices and DoS redemptions

Not considering fees when ending an auction could incorrectly set an auction as succeeded

Price feed logic is incorrect and prevents integrating certain reserve assets

Protocol mechanics incorrectly assume 1 USDC will always be worth 1 USD

BondToken indexed shares logic wrongly assumes auctions will always be successful, DoSing future distributions

The system can start in an extremely undercollateralized state due to restrictions in PreDeposit

Precision loss when computing levETH's redeem rate if CL > 1.2

Incorrect precision leads to uneffective market rate checks

Approval overflow causes DoS in `BalancerRouter`'s `exitPlazaAndBalancer`

Malicious bidder can DoS bids by getting blacklisted in USDC

Missing storage gap in some contracts might lead to storage corruption

Missing token allowance update when requesting redemptions will lead to redemption cap being bypassed

Not considering BUIDL transfer configurations can lead to DoS in BUIDL redemption vault

Not transferring collateral when submitting bids allows malicious users to create honeypot-style attacks

Claiming loan NFT prevents lenders from closing loan and retrieving collateral

Burning shares prior to computing value to withdraw will make earnings remain locked forever in the contract

Malicious lenders can set the lender commitment contract as the repayment listener for their regular loans, leading to several issues

Using transferFrom won’t work with some tokens

Using slot0 to compute position price can be easily manipulated

Multiplying the collateral amount by the `STANDARD_EXPANSION_FACTOR` when checking the required collateral is incorrect and allows borrowers to get undercollateralized loans

Escrowed repayments belonging to the lender commitment contract can’t be retrieved from the escrow vault

Not considering `liquidityThresholdPercent` will make pool utilization ratio be wrongly computed

Lender commitment group smart contract won't work properly with fee-on-transfer tokens

Performing a direct multiplication in `_getPriceFromSqrtX96` will overflow for some uniswap pools

Using wrong selector will dos FlashRolloverLoan's accept commitment

`rolloverLoanWithFlash` does not allow adding collateral when accepting commitments

Wrong parameter in remote transfer makes it possible to steal all USDO balance from users

Recursive _lzCompose() call can be leveraged to steal all generated USDO fees

Wrong usage of Stargate’s ETH router in balancer enables attackers to steal all bridged native funds

DoS in BBLeverage and SGLLeverage due to using wrong leverage executor interface

Leverage module’s buyCollateral() function will always fail due to wrong parameter when depositing into yieldbox

Depositing wrong asset in YieldBox will DoS sellCollateral()

Missing pausing functionality implementation makes USDO, tOFT and AssetToSGLPLeverageExecutor contracts not pausable

Variable opening fee will always be wrongly computed if collateral is not a stablecoin

Not properly tracking debt accrual leads mintOpenInterestDebt() to lose twTap rewards

Missing return statement will make mtOFT's compose calls of message type MSG_XCHAIN_LEND_XCHAIN_LOCK always fail

Using OR operator instead of AND operator in rebalance() will make call always fail if owner() ≠ rebalancer

USDO’s MSG_TAP_EXERCISE compose messages where exercised options must be withdrawn to another chain will always fail due to wrongly requiring sendParam's to address to be whitelisted in the Cluster

Withdrawing to other chain when exercising options won’t work as expected, leading to DoS

Not considering fees when wrapping mtOFTs leads to DoS in leverage executors

Secondary Big Bang market rates can be manipulated due to not triggering penrose.reAccrueBigBangMarkets(); when leveraging

Reentrancy in flashAction() allows draining liquidity pools

Caching Uniswap position liquidity allows borrowing using undercollateralized Uni positions

Wrong parameter when retrieving causes a complete DoS of the protocol

The current burning logic is flawed

Functions calling _retrieve() more than once will always revert

TWAP oracle might return a stale price

USE SAFETRANSFER/SAFETRANSFERFROM CONSISTENTLY INSTEAD OF TRANSFER/TRANSFERFROM

ERC20 `transferFrom` return values not checked

NFTs could remain locked forever if the Bull is a malicious contract