The `BURNER` cannot burn tokens from accounts not KYC verified due to the check in `_beforeTokenTransfer`.

swapValidatorDetails incorrectly writes keys to memory, resulting in permanently locked beacon chain deposits

settleEpochFromEigenLayer never increments currentEpochsByAsset, DoS'ing the system

OperatorOperations.depositTokenToOperators may unexpectedly revert due to rounding

Forwarding ETH to the rewardDistributor using transferETH will run out of gas

The userGaugeProfitIndex is not set correctly, allowing an attacker to receive rewards without waiting

Users staking via the `SurplusGuildMinter` can be immediately slashed when staking into a gauge that had previously incurred a loss

Anyone can steal all distributed rewards

Wrong ProfitManager in GuildToken, will always revert for other types of gauges leading to bad debt

Replay attack to suddenly offboard the re-onboarded lending term

`LendingTerm` Inconsistency between debt ceiling as calculated in `borrow()` and `debtCeiling()`

Incorrect calculations in debtCeiling

LendingTerm::debtCeiling() can return wrong debt as the min() is evaluated incorrectly

LendingTerm debtCeiling function uses creditMinterBuffer incorrectly

Malicious borrower can decrease Guild holders reward

Unlimited slippage allowed in curve pool swap

Settlement fee of unused markets is still charged in Vault

HPB may be incorrectly bankrupt due to use of unscaled value in `_forgiveBadDebt`

First pool borrower pays extra interest

lenderKick incorrectly sets LUP

Allocators in QVSimpleStrategy can allocate far beyond the maxVoiceCreditsPerAllocator

RFPSimpleStrategy recipients can frontrun distribution with a re-registration to increase proposalBid and receive more tokens

Unregistered recipients in DonationVotingMerkleDistributionBaseStrategy will have the status of the 0th recipient

Multiple allocations in QVSimpleStrategy with the same allocator and recipient result in recipient gaining more votes than intended

Milestone distribution likely gets DoS'd in RFPSimpleStrategy

Can avoid paying percentFee via Allo.fundPool

Funding added to QVBaseStrategy after distribution started results in locked tokens

Tokens can get locked in QVSimpleStrategy if recipient updates registration after being voted for

QVSimpleStrategy doesn't accept ETH

Users may be forced into long lock times to be able to undelegate back to themselves.

Delegated votes are locked when owner lock is expired

Voters from VotingEscrow can vote infinite times in vote_for_gauge_weights() of GaugeController

User don't have to deposit for a week into the market to get his weekly reward from the `LendingLedger`

`LidoEthStrategy._currentBalance` is subject to price manipulation, allows overborrowing and liquidations

Usage of `BalancerStrategy.updateCache` will cause single sided Loss, discount to Depositor and to OverBorrow from Singularity

Ability to steal user funds and increase collateral share infinitely in BigBang and Singularity

Potential 99.5% loss in `emergencyWithdraw()` of two Yieldbox strategies

CompoundStrategy attempts to transfer out a greater amount of ETH than will actually be withdrawn, leading to DoS

Accounted balance of GlpStrategy does not match withdrawable balance, allowing for attackers to steal unclaimed rewards

Rewards compounded in AaveStrategy are unredeemable

[HB02] `BalancerStrategy.sol`: `_withdraw` withdraws insufficient tokens

[HB10] `AaveStrategy.sol`: Changing swapper breaks the contract

In case of Loss to the Yearn Vault, the Contract will stop working until the loss is repaid

all deposit and withdraw function in Convex and Curve nativeLP Strategy, apply slippage on internal pricing; which call real-time on chain price from Curve directly and subject to MEV

Loss of possible rewards in Curve Gauge

A portion of stargate token rewards earned by StargateStrategy are permanently locked in the contract

`SGLBorrow::repay` and `BigBang::repay` uses `allowedBorrow` with the asset amount, whereas other functions use it with share of collateral

Attacker can steal debt repaid after liquidation

Incorrect accounting in `D3VaultFunding._poolRepayAll` allows attacker to steal double the tokens repaid by the pool

Some positions will get liquidated immediately

Reward accounting is incorrect in BathBuddy contract

Some offers can't be cancelled

An attacker can steal all tokens of users that use `FeeWrapper`

Staking, unstaking and rebalanceToWeight can be sandwiched (Mainly rETH deposit )

Users can fail to unstake and lose their deserved ETH because malfunctioning or untrusted derivative cannot be removed

DoS due to external call failure

Underflow of `lpPosition.points` during withdrawLP causes huge reward minting

Unsafe casting from `uint256` to `uint16` could cause ticket prizes to become much smaller than intended

If the strategy incurs a loss the Active Pool will stop working until the shortfall is paid out entirely

Squeezing drips from a sender can be front-run and prevented by the sender

Fee on transfer tokens will not behave as expected

Malicious strategist could deny borrowers from repaying loan and force liquidation by setting a extremely high vault fee

Liquidation will fail if value set as `liquidationInitialAsk` > 2**88-1, causing collateral to be permanently locked

Lack of support for fee-on-transfer token

settleAuction() Check for status errors

Two day low oracle used in `Market.liquidate()` makes the system highly at risk in an oracle attack

Oracle assumes token and feed decimals will be limited to 18 decimals

`safeTransfer` function does not check for existence of ERC20 token contract

Project funds can be drained by reusing signatures, in some cases