Proposal which started buyout which fails is able to settle migration as if its buyout succeeded.

Any fractions deposited into any proposal can be stolen at any time until it is commited

Vault implementation can be destroyed leading to loss of all assets

Steal NFTs from a Vault, and ETH + Fractional tokens from users.

Cash-out from a successful buyout allows an attacker to drain Ether from the `Buyout` contract

An attacker can DoS vault's buyout with as little as 1 wei per 4 days

Fee is being deducted when Put is expired and not when it is exercised.

Put options are free of any fees

Putty position tokens may be minted to non ERC721 receivers

`fee` can change without the consent of users

`canExecTakeOrder` mismatches `makerOrder` and `takerItems` when duplicated items present

Maker buy order with no specified NFT tokenIds may get fulfilled in `matchOneToManyOrders` without receiving any NFT

`_transferNFTs()` succeeds even if no transfer is performed

Maker order buyer is forced to reimburse the gas cost at any `tx.gasprice`

ETH mistakenly sent over with ERC20 based takeOrders and takeMultipleOneOrders calls will be lost

InfinityExchange computes gas refunds in a way where the first order's buyer pays less than the later ones

Truncation in `OrderValidator` can lead to resetting the fill and selling more tokens

Wrong items length assertion in basic order

[WP-H0] Fake balances can be created for not-yet-existing ERC20 tokens, which allows attackers to set traps to steal funds from future users

Owner can modify the feeRate on existing vaults and steal the strike value on exercise

Vault is Not Compatible with Fee Tokens and Vaults with Such Tokens Could Be Exploited

Burning does not update reserves

Wrong usage of `positionId` in `ConcentratedLiquidityPoolManager`

Cannot claim reward

Unsafe handling of underlying tokens

fee-on-transfer underlying can cause problems

Admin is a single-point of failure without any mitigations

Previously created markets can be overwritten

Owner can steal all Basket funds during auction

Unsafe approve would halt the auction and burn the bond

`HybridPool`'s reserve is converted to "amount" twice

Flash swap call back prior to transferring tokens in indexPool

Index Pool always swap to Zero

Approximations may finish with inaccurate values

No bar fees for IndexPools?

`HybridPool`'s `flashSwap` sends entire fee to `barFeeTo`

set cap breaks vault's Balance

`Vault.withdraw` sometimes burns too many shares

VaultHelper deposits don't work with fee-on transfer tokens

Harvest can be frontrun

Uninitialized Variable `marketWhitelist` in `RCTreasury.sol`

Missleading onlyDAO modifiers

Approval is not reset if the call to IFulfillHelper fails

Wrong trading pricing calculations

Logic error in fee subtraction