Users approved funds can be stolen

Reward rate can be dilute

Strategy is DoS due to incorrect ticks of secondary position

Users tokens are wrongly validated and updated

Unable to end an successful auction

Exchange rates are vulnerable to collateral level changes

Incorrect price returned from `BondOracleAdapter` contract

Users will lose funds in BalancerRouter when PreDeposit reaches cap

Bond holders can not redeem as expected

Market rate can not be used in token redemption flow

An attacker can grief the auction

Stale price from Pyth Oracle can be used

`SecondSwap_Marketplace` vesting listing order affects how much the vesting buyers can claim at a given step

Users can claim more that their actual allotment

Users can prevent being reallocated by listing to marketplace

Listing potential can not be purchased with discounted price

Attacker can drain funds by duplicating an order

Modifying order after filled can drain contract funds

Funds can be drained by fake swaps

User allowance can be stolen

Wrong stale price check in Pyth integration

Vote buyers will have to pay more fees than expected

Slashing penalty can be mitigated by unvouching

Lenders and borrowers can not claim liquidation token after NFT collateral auction sold

Borrowers will have to pay overhead fee for extending loans

Borrowers can not extend loans which has maximum duration less than 24 hours

Borrowers can still do many restricted actions with veNFT

Fee could be lost in withdraw flow

G$ expanded supply can be significantly less than expected

No LSTs transfer on node operator withdrawals resulting in stuck funds and loss for node operators

Chainlink automation Upkeep can not function because of improper integration

Griefer can permanently DOS all the deposits to the `StakingPool`

Vault fee receivers can conditionally block rewards distribution flow

No way to update unbonding and claim periods

The total amount to be distributed can be manipulated

Incorrect update for state variable `sharesSinceLastUpdate` in contract `PriorityPool`

Collection token will get locked after shutdown cancellation

Voters will be blocked from claiming liquidation share

Liquidation shares will be drained by re-starting a shutdown

Liquidation shares will be drained due to unsafe typecasting

Fee exemption logic work incorrectly

Fulfill wrong token side in the before swap hook

Fund stuck because fail to refund ETH when initializing collection

Reentrancy Vulnerability Allows Bypass of Cooldown, Leading to Unfair Reward Extraction Through Flash Loan

Exposed `_removeCredIdPerAddress` & `_addCredIdPerAddress` allows anyone to cause issues to current holders as well as upcoming ones

Refunds sent to incorrect addresses in certain cases

Incorrect Fee Handling Prevents Protocol from Updating Fees

Attacker can DOS user from selling shares of a credId

Can not withdraw assets from Pool because of treasury accrued shares

A lender can get more vault shares than expected

Incorrect total debt amount to calculate interest rate

Liquidation does not take into account the interest

Reallocation will be blocked if trying to withdraw all from a market

Users can not set status for `useReserveAsCollateral`

In `PositionActionPendle::_onDecreaseLever`, `tokenOut` is implemented incorrectly.

PositionAction.decreaseLever() fails to consider the loan fee in Flashlender when calculating loanAmount, as a result, the functionanlity will not work when protocolFee != 0.

Unclaimed Rewards Handling Issue in `AuraVault` Contract Functions (`AuraVault::deposit`, `AuraVault::mint`, `AuraVault::withdraw`, `AuraVault::redeem`)

Can not cast vote after bribes registered

Adversary can prevent the launch of any ILO pool with enough raised capital at any moment by providing single-sided liquidity

Whitelised accounts can be forcefully DoSed from buying curveTokens during the presale

Attack to make ````CurveSubject```` to be a ````HoneyPot````

Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`

Unauthorized Access to setCurves Function

QVSimpleStrategy contract does not work with native token

Voice credits cast to recipient is incorrectly accounted in QVBaseStrategy contract

Can not create a pool by cloning strategies on zkSync network

The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP

The peg stability module can be compromised by forcing lowerDepeg to revert.

Lender contract can be drained by re-entrancy in `setPool`

Sandwich attack to steal all ERC-20 tokens in the Fees contract

Borrower can use Refinance to cancel auctions so they can extend their loan indefinitely

During refinance() new Pool balance debt is subtracted twice

[H-04] Lender#buyLoan - Malicious user could take over a loan for free without having a pool because of wrong access control

Stealing any loan opening for auction through others' lending pool

Token spending by Uniswap router doesn't get approved

Save gas for collecting protocol fees and interests

Stuck ether when use function `stake` with empty `derivatives`(`derivativeCount` = 0)

An early malicious depositor can manipulate issuance of shares to steal users deposited loan token

Hijacking of node operators minipool causes loss of staked funds

call opcode's return value not checked.

Incompatibility with fee-on-transfer/inflationary/deflationary/rebasing tokens, on both base tokens and quote tokens, with varying impacts

Chainlink oracle data feed is not sufficiently validated and can return stale `price`

StandardPolicyERC1155.sol returns amount == 1 instead of amount == order.amount

Protocol can be easily rug-pulled by the owner

Index out of bounds error when properties length is more than attributes length breaks minting

can not repay native token

NFT of NFT collection or NFT drop collection can be locked when calling _mint or mintCountTo function to mint it to a contract that does not support ERC721 protocol

`fillOrder()` and `exercise()` may lock Ether sent to the contract, forever

Putty position tokens may be minted to non ERC721 receivers

The contract serves as a flashloan pool without fee