`invest()` function does not check for Maximum Tokens Available for Sale

`invest()` Function Allows Investments Even After Sale Has Ended

Lack of Validation for endTime in startSale Function Allows Setting Past Timestamps

updateEndTime Function Allows Setting Invalid Timestamps and sale can be extend indefinitely

`updateDssToken` Function Allows Mid-Sale Token Address Changes

Constructor does not Validate Creator's Initial Contribution Against `minBuyCreator` , `maxBuyCreator`,maxCap Limits

NativeMetaTransaction.sol :: executeMetaTransaction() failed txs are open to replay attacks.

Users Can Join DAOs Using Removed Currencies Due To Missing Validation

Incorrect Handling of Fee-on-Transfer Tokens in ManagedBudget

Approval Race Condition for USDT Token

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

TokenManager - Unlimited withdraw

Token withdrawal fails until someone manually approves spending

`mulDiv()` can round down to 0 in realistic cases, allowing for tax avoidance

[Low-01] Missing Access Control in `CapitalPool::approve()` Function Allows any User to call it to set Allowance Amount `TokenContract` to `type(uint256).max`.

Upgrade-Safe Usage of SafeERC20 in CompoundVeFNXManagedNFTStrategyUpgradeable.sol

Incorrect Data Type Handling in `writeVarInt` Function

Potential Vulnerability in `execTransactionOnBehalf` Function Allowing Destruction of `targetSafe` contract

getPreviewModule() Returns Incorrect Data

User Can Claim More Than totalAmount Due to Lack of Max Return Amount Check in _vested Function