Denial of Service Vulnerability in updateParticipation Due to Incorrect Comparision between TokenAmount & TokenCurrency

Missing `lower<upper` check in `mint_position`

Unrevoked approvals allow NFT recovery by previous owner

update_emergency_council_7_D_0_C_1_C_58() updates nft manager instead of emergency council

_onTransferReceived() does not work as intended

Incorrectly assigned `decimal1` parameter upon decoding

An Attacker can DOS user withdrawal by delegating many tokens with least amount lock.

Incorrect `maxLockIdToIndex` value update in `disable_max_lock` creates unintended behaviour

Killing a Gauge Could Result in Stuck Funds

Incorrect Rewards distribution due to cached supply.

First liquidity provider can DOS the pool of a stable pair

Vultisig whitelisting can be bypassed by anyone

Transfer of ILOPool NFT token to different account allows for users to bypass the pool's `maxCapPerUser` invariant

Incorrect modifier condition

The `editPool()` lacks a sanity check on the `payoutStart` parameter leading to incorrect or unfair reward distributions

LayerZeroEndpoint.send() in L1Sender.sol may revert if the user does not provide enough native gas as specified

Anyone can update the address of the Router in the DcntEth contract to any address they would like to set.

Unauthorized Access to setCurves Function

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

Withdrawing with amount = 0 will forcefully set name and symbol to default and disable some functions for token subject

`costInEuros` calculation will incur precision loss due to division before multiplication

Put settlement can be anticipated and lead to user losses and bonding DoS

[H-04] Lender#buyLoan - Malicious user could take over a loan for free without having a pool because of wrong access control

Stealing any loan opening for auction through others' lending pool

Attacker can steal a loan's collateral and break the protocol

A pool lender can fully drain another user's pool by abusing `buyLoan`

Use assembly to perform hashing instead of Solidity to reduce gas costs.

Double-spending vulnerability leads to a disruption of the DSC token

The arbiter should not be either the buyer or the seller.

Transfer of Extra Tokens