RedeemQueue can not work when asset is native token

Flaw in signatures threshold

Protocol fee is overcharged

DepositQueue can be DoS

Unable to transfer shares

Attacker can block users from redemptions

Stuck `stETH` rewards in queue contracts

Theft of funds in `GatewayTransferNative` contract

`GatewaySend` is not compatible with USDT on ethereum

The cross chain swap can fail when it should not

Unable to swap native ZETA token from Zetachain to connected chain

Unable to take platform fee for swap with native ZETA tokens from Zetachain

Refund information can be unauthorizedly updated

Loss of native tokens in connected chains due to incorrect revert handling

Cross chain debt accrues incorrectly

Incorrectly calculation of total borrow amount in borrow and liquidation

Unable to liquidate cross chain borrow

Max liquidation amount is less than actual in cross chain liquidation

Incorrect payload data is sent to dest chain after liquidation executed on src chain

LEND tokens distribution is incorrect

Cross chain borrow debt only records principle on source chain

Unable to handle liquidation success in dest chain

Cross chain repayment updates wrong borrow balance

Liquidation failure is incorrectly handled

Interest is accrued twice in same-chain borrow

Max close calculation does not include interest

Unable to borrow cross chain despite collateral sufficiency

Redeem limit is not updated when request redeem is rejected or withdrawn

Users approved funds can be stolen

Reward rate can be dilute

Strategy is DoS due to incorrect ticks of secondary position

Users tokens are wrongly validated and updated

Faulty Gauge Weight Update Formula: Voting Power Delta Not Considered Leading to Arithmetic Underflow and Vote Weight Inconsistency

Users Can Overwrite Existing Locks in veRAACToken Resulting in Permanent Loss of Funds

Multiple issues from unnecessary balance increase calculation in DebtToken.mint

Reward manipulation vulnerability in StabilityPool

RToken's transfer function lead to loss of funds due to incorrect math

NFTs Get Permanently Locked in Stability Pool After Liquidation

Double Usage Index Scaling in StabilityPool Liquidation Inflates Required CRVUSD Balance

Attackers can double voting power and veToken amount by locking and increasing

The total voting power of all veRAAC tokens is wrongly assigned

Incorrect Debt Token Accounting Due to Multiple Scaling Issues

Stability pool does not consider RToken balance increase when DEToken is withdrawn

Incorrect utilization rate forces protocol to issue maximum rewards indefinitely

Incorrect DebtToken totalSupply Scaling Breaks Interest Rate Calculations

RToken.transferFrom() Does Not Scale User Balances Due to Stale Liquidity Index

LendingPool deposits do not work with CurveVault due to lack of funds

Liquidation Cannot Be Closed Even With Healthy Position Due To Strict Debt Check

`RToken::calculateDustAmount` are incorrectly calculated, leading to not be able to transfer the accrued dust amount

LendingPool.getUserDebt returns outdated value and can lead to liquidation failure

Treasury Contract Deposit Function Can Be Frontrun To Deny Protocol Operations

Liquidations are enabled when repayments are disabled, causing borrowers to lose funds without a chance to repay

Workingsupply would always be overwritten in boostcontroller.sol impacting reward calculations

User may not be able to increase the amount of locked RAAC tokens

hardcoded baseamount in Updateuserboost fucntion causes users with small token holdings to receive higher boosts relative to their holdings t

Lending pool reserve liquidity can be incorrectly accounted due to transferring accrued dust

Emission rate can be manipulated

Incorrect Initialization of minBoost in BaseGauge Constructor Breaks Core Contract Functionality

Unable to end an successful auction

Exchange rates are vulnerable to collateral level changes

Incorrect price returned from `BondOracleAdapter` contract

Users will lose funds in BalancerRouter when PreDeposit reaches cap

Bond holders can not redeem as expected

Market rate can not be used in token redemption flow

An attacker can grief the auction

Stale price from Pyth Oracle can be used

`SecondSwap_Marketplace` vesting listing order affects how much the vesting buyers can claim at a given step

Users can claim more that their actual allotment

Users can prevent being reallocated by listing to marketplace

Listing potential can not be purchased with discounted price

Attacker can drain funds by duplicating an order

Modifying order after filled can drain contract funds

Funds can be drained by fake swaps

User allowance can be stolen

Wrong stale price check in Pyth integration

Vote buyers will have to pay more fees than expected

Slashing penalty can be mitigated by unvouching

Lenders and borrowers can not claim liquidation token after NFT collateral auction sold

Borrowers will have to pay overhead fee for extending loans

Borrowers can not extend loans which has maximum duration less than 24 hours

Borrowers can still do many restricted actions with veNFT

Fee could be lost in withdraw flow

G$ expanded supply can be significantly less than expected

No LSTs transfer on node operator withdrawals resulting in stuck funds and loss for node operators

Chainlink automation Upkeep can not function because of improper integration

Griefer can permanently DOS all the deposits to the `StakingPool`

Vault fee receivers can conditionally block rewards distribution flow

No way to update unbonding and claim periods

The total amount to be distributed can be manipulated

Incorrect update for state variable `sharesSinceLastUpdate` in contract `PriorityPool`

Collection token will get locked after shutdown cancellation

Voters will be blocked from claiming liquidation share

Liquidation shares will be drained by re-starting a shutdown

Liquidation shares will be drained due to unsafe typecasting

Fee exemption logic work incorrectly

Fulfill wrong token side in the before swap hook

Fund stuck because fail to refund ETH when initializing collection

Reentrancy Vulnerability Allows Bypass of Cooldown, Leading to Unfair Reward Extraction Through Flash Loan

Exposed `_removeCredIdPerAddress` & `_addCredIdPerAddress` allows anyone to cause issues to current holders as well as upcoming ones

Refunds sent to incorrect addresses in certain cases

Incorrect Fee Handling Prevents Protocol from Updating Fees

Attacker can DOS user from selling shares of a credId

Can not withdraw assets from Pool because of treasury accrued shares

A lender can get more vault shares than expected

Incorrect total debt amount to calculate interest rate

Liquidation does not take into account the interest

Reallocation will be blocked if trying to withdraw all from a market

Users can not set status for `useReserveAsCollateral`

In `PositionActionPendle::_onDecreaseLever`, `tokenOut` is implemented incorrectly.

PositionAction.decreaseLever() fails to consider the loan fee in Flashlender when calculating loanAmount, as a result, the functionanlity will not work when protocolFee != 0.

Unclaimed Rewards Handling Issue in `AuraVault` Contract Functions (`AuraVault::deposit`, `AuraVault::mint`, `AuraVault::withdraw`, `AuraVault::redeem`)

Can not cast vote after bribes registered

Adversary can prevent the launch of any ILO pool with enough raised capital at any moment by providing single-sided liquidity

Whitelised accounts can be forcefully DoSed from buying curveTokens during the presale

Attack to make ````CurveSubject```` to be a ````HoneyPot````

Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`

Unauthorized Access to setCurves Function

QVSimpleStrategy contract does not work with native token

Voice credits cast to recipient is incorrectly accounted in QVBaseStrategy contract

Can not create a pool by cloning strategies on zkSync network

The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP

The peg stability module can be compromised by forcing lowerDepeg to revert.

Lender contract can be drained by re-entrancy in `setPool`

Sandwich attack to steal all ERC-20 tokens in the Fees contract

Borrower can use Refinance to cancel auctions so they can extend their loan indefinitely

During refinance() new Pool balance debt is subtracted twice

[H-04] Lender#buyLoan - Malicious user could take over a loan for free without having a pool because of wrong access control

Stealing any loan opening for auction through others' lending pool

Token spending by Uniswap router doesn't get approved

Save gas for collecting protocol fees and interests

Stuck ether when use function `stake` with empty `derivatives`(`derivativeCount` = 0)

An early malicious depositor can manipulate issuance of shares to steal users deposited loan token

Hijacking of node operators minipool causes loss of staked funds

call opcode's return value not checked.

Incompatibility with fee-on-transfer/inflationary/deflationary/rebasing tokens, on both base tokens and quote tokens, with varying impacts

Chainlink oracle data feed is not sufficiently validated and can return stale `price`

StandardPolicyERC1155.sol returns amount == 1 instead of amount == order.amount

Protocol can be easily rug-pulled by the owner

Index out of bounds error when properties length is more than attributes length breaks minting

can not repay native token

NFT of NFT collection or NFT drop collection can be locked when calling _mint or mintCountTo function to mint it to a contract that does not support ERC721 protocol

`fillOrder()` and `exercise()` may lock Ether sent to the contract, forever

Putty position tokens may be minted to non ERC721 receivers

The contract serves as a flashloan pool without fee