Asymmetric Loss Distribution: Non-stakers Penalized by First-To-Withdraw Advantage After Yield Farming Losses

Deposits on long one leverage vault don't actually finalize the flow, leading to a Denial of Service (DoS)

Adversary can win proposals with voting power as low as 4%

Out-of-Bounds Array Access in `_calculateQuantAMMVariance` with Odd Number of Assets and Vector Lambda

Fee Evasion via LP Token Transfer Resets Deposit Value

Owner fee will be locked in `UpliftOnlyExample` contract due to incorrect recipient address in `UpliftOnlyExample::onAfterSwap`

quantAMMSwapFeeTake used for both getQuantAMMSwapFeeTake and getQuantAMMUpliftFeeTake.

“Uplift Fee” Incorrectly Falls Back to Minimum Fee Due to Integer Division

Transferring deposit NFT doesn't check if the receiver exceeds the 100 deposit limit

Reentrancy Attack in `fillOrder` Function of OracleLess.sol

Duplicate Order ID Vulnerability can Drain the Whole Protocol

Frontrunning Vulnerability in claim() Function Leading to Loss of Rewards

Improper Epoch Handling in `handleProofResult()` Function Leading to Unclaimable Rewards

Protocol is not complient with ERC1504

Boost Creator Loses Access to Reclaim Funds Due to Owner Assignment in Deployed Incentive Contracts

Loss of Fee in Boost Protocol Due to Referral Fee Manipulation

Incompatibility with Fee-on-Transfer Tokens Causes Transaction Reverts

Weak Randomness in drawRaffle() Function Allows Manipulation by Block Proposers

Protocol Fails to Handle Rebasing Tokens, Leading to Potential Reward Losses for users

maxDeposit doesn't comply with ERC-4626

User can deposit into the `superpool` even when the pool is paused.

Incorrect Handling of Base Pool Caps in Superpool.sol Could Lead to Suboptimal Fund Distribution.

TokenManager - Unlimited withdraw

Native token withdrawal fails until manually approved

`DeliveryPlace::settleAskTaker` Has Incorrect Access Control

Malicious user can drain protocol by bypassing `ASK` offer abortion validation in `Turbo` mode

Unnecessary balance checks and precision issues in TokenManager::_transfer

`listOffer` Unsafely References Fungible Identifiers

Vultisig whitelisting can be bypassed by anyone

Incorrect withdraw queue balance in TVL calculation

`EnglishPeriodicAuctionInternal.sol:_cancelAllBids` function can cancel the highest bid

Dilution of Donations in Tranche

Sandwich Attack on rewardValidators Function, Attacker can earn max-profit quickly.