Anyone can delay reward distribution by calling notifyRewardAmount with minimal Deposits

MergeTgt has no handling if TGT_TO_EXCHANGE is exceeded during the exchange period

There is inconsistency in fee taken on reserve in pool contract

Bond holders distribution will be incorrect when auction is failed due to sale pool limit

There will be precision loss in pool contract

Missing slippage protection in `AerodromeDexter.sol` `swapExactTokensForTokens()`

Users can claim more that their actual allotment

Incorrect referral fee calculations

Creator of one vesting plan can affect vesting plans created by other users.

Attacker can steal funds of depositor due to inflation attack

Lack of access control in `updateDownsideProtected` function leads to malicious things

Attacker can drain funds by passing incorrect price of USDa-USDT in `redeemUSDT` function

`calculateCumulativeRate` updated wrongly in `_withdraw` leads to wrong interest calculation

Fees on `buyVotes` are wrongly added in `marketFunds`

Fees are also collected on refund amount at the time of buying votes

Lack of slippage protection in `sellVotes` function

Lack of slippage protection leads to loss of protocol funds

Wrong check in `LVDepositNotPaused` modifier leads to unintended behaviour

Number of entities in generation can surpass the 10k number

Wrong minting logic based on total token count across generations

Users' ability to nuke will be DoSed for three days after putting NFTs up for sale and cancelling the sale

Imprecise token age calculation results in an incorrect nuke factor, causing users to claim the wrong amount

Chainlink's `latestRoundData` might return stale or incorrect results