Flawed Leverage Calculation Allows Extreme Overleveraging and Lending Pool Draining Leading to Rapid Liquidation

Dynamic fee calculation based on poolReserves and lastFeeClaimTime results in unfair fee entitlement due to sudden reserve changes

Reduced pool reserves due to frequent redeem() during auctions can lead to excessive reserve depletion or repeated auction failures, impacting bond token holders.

Discrepancy in sharesPerToken assignment between Pool.startAuction() and BondToken.increaseIndexedAssetPeriod() leads to inconsistent account tallying across periods

Unsuccessful auction states allow early claimers to drain coupon tokens at the expense of late claimers due to unallocated distributions.

Blacklisted lowest bidder in Auction.bid() prevents proper bid removal, leading to potential auction failure or suboptimal revenue

A missing reward update in UsualSP::removeOriginalAllocation will cause reduced reward accumulation for users

The use of exact assets for fee calculation in UsualX::withdraw inflates totalAssets(), enabling users to extract excess assets (or have less shares burnt) and possibly leading to under-collected fees for the protocol

Missing Validity Check in ERC1155Voucher::onERC1155BatchReceived

Invalid validation allows users to unlock early

`performanceFeeReceiver` cannot mint any performance fee shares even if TVL is dropped by only a very tiny amount

Users can lose access to funds due to minimum withdrawal limits.

Any fee claim lesser than the total `yieldFeeBalance` as unit of shares is lost and locked in the `PrizeVault` contract

Funds locked due to missing transfer check

Lack of Slippage Protection in `withdraw`/`redeem` Functions of the Vault

Players have complete freedom to customize the fighter NFT when calling `redeemMintPass` and can redeem fighters of types Dendroid and with rare attributes

Fighters cannot be minted after the initial generation due to uninitialized `numElements` mapping

Balance array misalignment and DoS on the next mint after calling CouncilMember.burn()

Attack to make ````CurveSubject```` to be a ````HoneyPot````

Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`

Selling will be bricked if all other tokens are withdrawn to ERC20 token

onBalanceChange causes previously unclaimed rewards to be cleared

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

Rewards remain unclaimable in vesting migration due to private key loss

Since buyToken function has no slippage checking, users can get less tokens than expected when they buy tokens directly

Bidder can use donations to get VerbsToken from auction that already ended.

Re-triggering the `canOffboard[term]` flag to bypass the DAO vote of the lending term offboarding mechanism

Potential Vesting Allocation Issue for First Founder in Token.sol

Protocol mints less rsETH on deposit than intended

Lack of slippage control on LRTDepositPool.depositAsset

``FULL_RESTRICTED`` Stakers can bypass restriction through approvals

Decimal Limitation in CamelotRelayer and UniV3Relayer Contract Deployment

Protocol is not `EIP712` compliant: incorrect typehash for `Validation` and `Transaction` structures

Users can lose access to funds due to minimum withdrawal limits.

Improper precision of strike price calculation can result in broken protocol

Potential Near-Zero Scenarios for purchasePrice in the Continuous Gradual Dutch Auction