BuilderWallet `init()` is unprotected/re-initializable, enabling takeover and theft of builder fees

`RiskEngine::_getRequiredCollateralAtTickSinglePosition()` Fails to Accumulate Credits Across Multiple Legs, Leading to Potential Erroneous Liquidations

Incorrect `UPPER_118BITS_MASK` Mask in `OraclePackLibrary` Causes Unexpected Clearing of `EMAs` and `lockMode` in `OraclePack`

Division-by-zero in long-leg collateral requirement can block solvency checks and `dispatchFrom` (liquidation/force-exercise) for tickSpacing==1 pools

Liquidations Can Be Permanently Blocked via `getLiquidationBonus()` Unsigned Underflow (Insolvent-but-Unliquidatable Accounts)

Incorrect ticket price reference in JackpotBridgeManager causes user overpayment after price updates

Global Variable Manipulation During Active Draw Alters End Result

`BaseAuth.recoverSapientSignature` returns a constant instead of signer image hash, breaking sapient signer flows

Static signatures bound to caller revert under ERC-4337, causing DoS

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

`SecondSwap_Marketplace` vesting listing order affects how much the vesting buyers can claim at a given step

Incorrect referral fee calculations

maxSellPercent can be buypassed by selling previously bought vestings at a later time

`PythOracle` is providing Stale Prices due to incorrect staleness check in `currentValue()`

Calculation for `directionMask` is incorrect

Minting zero tokens when underlyingToken is not Ether in cashIn()

LP for v3 pool of underlying tokens with decimals != 18 would have incorrect NFT metadata

LPs will withdraw more value than deposited during pegged token de-peg events

Anyone can manipulate user nonce (nonce_manager) in settlement contract

In Starknet already processed messages can be re-submitted and by anyone

Lack of Slippage Protection in `repurchase` Function Can Cause Financial Loss for Users

Incorrect Modifier Check will Cause Unexpected Reverts for Users

_onTransferReceived() does not work as intended

Reentrancy Vulnerability Allows Bypass of Cooldown, Leading to Unfair Reward Extraction Through Flash Loan

Incorrect ETH Locking Mechanism Will Lead to Permanent Fund Lockup (`WinnablesTicketManager::refundPlayers`)

Lack of `whenNotPaused` Modifier Allows Critical Operations During Paused State

`SuperPool.sol` is not ERC4626 compliant.

Incorrectly assigned `decimal1` parameter upon decoding

The maximum number of generations is infinite

Forger Entities can forge more times than intended

Discrepancy between nfts minted, price of nft when a generation changes & position of `_incrementGeneration()` inside `_mintInternal()` & `_mintNewEntity()`

`AuraVault::claim` reward calculation does not deduct fees from reward amount, causing DoS or extra rewards lost

`PoolV3#repayCreditAccount()` use incorrect share converting function to calculate profit and loss

Lack of Slippage Control in `AuraVault::deposit` and `AuraVault::mint` Functions Can Lead to Unexpected Financial Losses for Users

Unclaimed Rewards Handling Issue in `AuraVault` Contract Functions (`AuraVault::deposit`, `AuraVault::mint`, `AuraVault::withdraw`, `AuraVault::redeem`)

Attacker can DoS users by delegating tokens at `MAX_DELEGATES` limit in `VotingEscrow::_moveTokenDelegates()`

Emergency Council will permanently lock user rewards when killing gauges via `Voter::killGaugeTotally`

Users will receive incorrect rewards due to outdated total supply caching in `RewardsDistributorV2::_checkpoint_total_supply()`

Users can exploit vote persistence to earn unearned rewards via `Voter::poke`

First Liquidity Provider can DOS the Pool in `Pair::mint()`