Liquidation seize calculation uses spot price without EMA consistency check

Debt ADL Uses Group-Scoped Config but Global Debt Trigger

Deposit limit check double subtracts protocol reserves, allowing cap bypass

Zero-Cost Settlement via Payment Rounding

Fee Custody Hijack by Authorized Matchers

Emergency Resolution Skips Past Epochs

Stake/Unstake Reward Wipe

Cross-Pool Reward Siphoning

Zero-Stake Infinite Emissions

Vesting Factory Owner Can Recall Tokens While Escrow Owns Wallet

Unrestricted Maker Gifting Bricks Victim Accounts

NFT Metadata Reader Hits Diamond Storage Mismatch

Decompose Underflow Bricks Small Positions

Vault Balance Transfer Hard-Reverts

wStable Contract is Vulnerable to ERC4626 Inflation Attack

Flawed logic in `Rebalancer.sendMsg` for the `maxTransferSize` check can cause a Denial of Service, blocking the rebalancing mechanism after a time window resets.

Blacklisted users can withdraw funds from mTokenGateway by using a non-blacklisted delegated account.

Signature Re-use Bypasses Multi-signature Threshold in Consensus Module

Incorrect Index Usage in `DepositQueue.cancelDepositRequest` Leads to Accounting Corruption and Permanent Denial-of-Service

Use safeTransfer/safeTransferFrom consistently instead of transfer/transferFrom

`setCollateralEscrowBeacon()` can be called by anyone

`commitCollateral()` can be called by anyone

fee-on-transfer tokens are not supported

Logic Error in _decreaseCurrentMinted

The attacker can bypass the original logic of `reduceposition()`

No check sequencer is down in Chainlink feeds

`latestRoundData()` has no check for round completeness

DepositManagerV1::refundDeposit() does not judge bounty status

claimManager will cause BountyCore::refundDeposit() to fail

use safetransfer and safetransferFrom

Price oracle could get a stale price

`address.call{value:x}()` should be used instead of `payable.transfer()`

Solmate safetransfer and safetransferfrom doesnot check the codesize of the token address, which may lead to fund loss

The value of `createFeeDiscount` can never be updated

rollerPeriphery::approve() has no permission control and can steal contract tokens

As long as the set `Feeto` address, will make `VaultImplementation.sol::commitToLien()` to stop working

Nonces not used in signed data

use safecast

Steal their money

ConvertToShares () uses the LINK of the contract to calculate and may result in a loss of user assets