The calculation of `totalAssets()` could be wrong if `operatorFeeAmount` > 0, this can cause potential loss for the new depositors

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

[M-3] Anyone can deploy a new `FraxSwapPair` with a Low fee incurring losses to the protocol

Incorrect Credit Capacity Validation in `VaultRouterBranch.redeem` Enables Locked Collateral Drainage

Multiple instances where Vault's `totalAssets()` is not properly scaled to ZAROS precision

Underflow when updating credit delegation will result protocol DoS

Vaults weth reward is not distributed correctly

Unclaimed Rewards Loss Due to Missing Validation in `VaultRouterBranch.stake()`

Fee Recipient Shares Cannot Be Decreased When Total Fee recipients’s share is at Max Limit

Refund Underflow in Swap Refund Logic Leading to Locked Funds

Wrong values of newly added `vault`

Lack of credit capacity update from VaultRouterBranch::deposit causes DOS in CreditDelegationBranch::depositcreditformarket

`checkFeeDistributionNeeded` Will Not Work With Low Decimal Assets

Incorrect weight assignment in Vault::updateVaultAndCreditDelegationWeight leads to overleveraging vault positions and insolvency

No Mechanism to Remove Fee Recipients Can Lead to Failed Reward Distributions

rebalanceVaultsAssets incorrectly accounts vaults' depositedUsdc

`initiateSwap` allows users to initiate swap even when the vault is paused

Lack of an update of the pool state will cause Initiate Swap to return an incorrect Amountout

Total debt used in fulfiling swap actions is wrong because we did not update the vault.

Out-of-Bounds Array Access in `_calculateQuantAMMVariance` with Odd Number of Assets and Vector Lambda

quantAMMSwapFeeTake used for both getQuantAMMSwapFeeTake and getQuantAMMUpliftFeeTake.

`setUpdateWeightRunnerAddress` could break the protocol

not adding `claimable` balance to the total assets in `_harvestAndReport` can cause losses.

Missing Router Update Mechanism in StrategyMainnet Contract

Old router retains token allowance after update

In `transferVesting`, the `grantorVesting.releaseRate` is calculated incorrectly, which leads to the sender being able to unlock more tokens than were initially locked.

MarketPlace Change In Vesting Manager, Leads To Loss Of Previous MarketPlace Listing

Creator of one vesting plan can affect vesting plans created by other users.

`buyFee` And `sellFee` Should Be Known Before Purchase

Incorrect referral fee calculations

Minting zero tokens when underlyingToken is not Ether in cashIn()

Anyone can call `LamboRebalanceOnUniwap.sol::rebalance()` function with any arbitrary value, leading to rebalancing goal i.e. (1:1 peg) unsuccessful.

Since the cost of launching a new pool is minimal, an attacker can maliciously consume VirtualTokens.

`LamboRebalanceOnUniswap::_getTokenInOut` formula used to compute rebalancing amount is wrong for a UniV3 pool

Missing Slippage Protection Will Lose Funds Of Users When Selling Votes

No protection implemented against listing clone NFTs

Subtraction in `variance()` will revert due to underflow

Potential underflow vulnerability in score range calculation of `LLMOracleCoordinator::finalizeValidation`, leading to DoS.

Platform fees withdrawal will sweep oracle agents earned fees

Request responses and validations can be mocked leading to extraction of fees and/or forcing other generators to lose their fees by making them outliers

Users can list assets with price < 1 ERC20 (ETH, WETH), leading to potential DoS vulnerability.

Update state requests or Purchase requests occurring at the end of the phase will not process

Inaccurate best response selection in `LLMOracleCoordinator::getBestResponse`.

Sequential Fee Calculations Lead to Lost Platform Revenue Due to Precision Loss

Consensus Mechanism Allows Participation Of Voters With Insufficent Stake

`SablierFlowBase` Lacks `EIP-165` Compliance for `EIP4906` Interface Support

Remove splitter will always revert if there are some rewards left on splitter contract

Removed vaults still remain valid in `OperatorVCS`

[WithdrawalPool.sol] Prevent efficient return of data in getBatchIds() by blocking updateWithdrawalBatchIdCutoff() update of newWithdrawalIdCutoff

AuraVault inherits AccessControl BUT does not call the _setupRole() function in it's constructor to set the initial roles, this leads to a complete DOS of the important claim function rendering the contract unable to claim rewards

`PendleLPOracle::_fetchAndValidate` uses Chainlink's deprecated `answeredInRound`

Invalid validation allows users to unlock early

Single plot can be occupied by multiple renters

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal

Incompatibility with Multisig Wallets in `TempleGold::send` Function

Changes to vesting period is not handled inside `_getVestingRate`

Vultisig whitelisting can be bypassed by anyone

Vultisig should be burnable

Due to the use of `msg.value` in for loop, anyone can drain all the funds from the `THORChain_Router` contract

High 01 DoS In Claiming

Invalid validation allows users to unlock early

Single plot can be occupied by multiple renters

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal