Malicious user can honeypot other users to buy their stream on an NFT marketplace and cancel it right before the purchase happens

Availability of deposit invariant can be bypassed

Incorrect withdraw queue balance in TVL calculation

Kerosene collateral is not being moved on liquidation, exposing liquidators to loss

User can get their Kerosene stuck because of an invalid check on withdraw

Attacker can frontrun to prevent vaults from being removed from the dNFT owner's position

Value of kerosene can be manipulated to force liquidate users

Anyone can prolong the time for the rewards to get distributed

Incorrect flag results to _hasFallbackToggled always set to false on createMultipleSettlement.

If RootBridgeAgent.lzReceiveNonBlocking reverts internally, the native token sent by relayer to RootBridgeAgent is left in RootBridgeAgent

The Restriction Manager does not completely implement ERC1404 which leads to account that are supposed to be restricted actually have access to do with their tokens as they see fit

The peg stability module can be compromised by forcing lowerDepeg to revert.

Incorrect precision assumed from RdpxPriceOracle creates multiple issues related to value inflation/deflation

Missing slippage parameter on Uniswap `addLiquidity()` function

Inaccurate swap amount calculation in ReLP leads to stuck tokens and lost liquidity

No mechanism to settle out-of-money put options even after Bond receipt token is redeemed.

The vault allows "free" swaps from WETH to RDPX

`sync` function in `RdpxV2Core.sol` should be called in multiple scenarios to account for the balance changes that occurs

Malicious/Compromised organiser can reclaw all funds, stealing work from supporters

Signature missing nonce & expiration deadline

Centralization Risk for trusted organizers

[H-01] Lack of emergency withdraw function when no arbiter is set

Constructor of `Escrow` should make sure that `buyer`, `seller`, `arbiter` are different from each other.

`tokenContract`is always an unsafe input, for fairness, it is recommended to add a whitelist for token

Check price != 0 before interacting with IERC20

Liquidated USDO from BigBang not being burned after liquidation inflates USDO supply and can threaten peg permanently

Attacker can prevent rewards from being issued to gauges for a given epoch in TapiocaOptionBroker

Funds are locked because borrowFee is not correctly implemented in BigBang

Missing deadline checks allow pending transactions to be maliciously executed

[M-01] `SGLCommon._getInterestRate()`: feeFraction multiplied by wrong base amount

`_voteSucceeded()` returns true when `againstVotes > forVotes` and vice versa

Due to inappropriately short `votingPeriod` and `votingDelay`, it is near impossible for the governance to function correctly.

In `LlamaRelativeQuorum`, the governance result might be incorrect as it counts the wrong approval/disapproval.

LlamaPolicy could be DOS by creating large amount of actions.

Use of slot0 to get sqrtPriceLimitX96 can lead to price manipulation.

[M-01] Some functions in Talos contracts does not allow user to supply slippage and deadline, which may cause swap revert

`RiskFund.swapPoolsAsset` does not allow user to supply deadline, which may cause swap revert

ShortFall contract might transfer incorrect amount of tokens to the highest bidder.

`PositionManager.moveLiquidity` could revert due to underflow

Fee inclusivity calculations are inaccurate in RubiconMarket

Zero reward rate calculation impedes low-decimals token distributions

Calling `Position._marketBuy` and `Position._marketSell` functions that calculate `_fee` by dividing by `10000` can cause incorrect calculations

User can possess less value than before when `V2Migrator.migrate` function is called to give up bathTokenV1 tokens and hold bathTokenV2 tokens

Division before multiplication truncate minOut and incurs heavy precision loss and result in insufficient slippage protection

Lack of deadline for uniswap AMM

Underflow of `lpPosition.points` during withdrawLP causes huge reward minting