Incorrect `currentPeriod` in `transferReserveToAuction` Leads to Auction Funds Being Stuck

Attacker can force auctions to fail preventing bond holders from getting rewards

Risk of DoS During Auction Bidding Due to USDC Blacklisted Bidders

Chainlink Has No Price Feed for WSTETH/USD on Base, WSTETH Cannot Be Used as a Reserve Token

Coupon Shares are allocated even if auction fails, resulting in users unable to claim rewards

`BorrowLiquidation` contract will incorrectly send the remaining ETH to the borrower after liquidation

Anyone can inflate `downsideProtected` causing a DOS of deposit/withdraw in `CDS`

Owner will be unable to withdraw interest from treasury under certain conditions

`BorrowLiquidation::liquidationType2` calculates the amount of sETH to short incorrectly when liquidating with Synthetix

`BoostCore` will be unable to invoke incentives `clawback` functions

Users will not be able to reclaim voting tokens after a shutdown is cancelled

User can stop a shutdown execution by creating a new listing which will force all voters to wait a long period before getting their payout

`BribeRewarder.deposit` Will Always Revert, Blocking the Voting Mechanism

`Voter.vote` Allows Users to Vote with Expired Locks, Introducing Voting Manipulation Risks

Unclaimed Bribe Rewards Remain Stuck in `BribeRewarder`

Incorrect Check in `_requireOnlyOperatorOrOwnerOf` Allows Unauthorized Access

Attacker could increase users lock time by exercising small amount with `exerciseLp`

Transfer of ILOPool NFT token to different account allows for users to bypass the pool's `maxCapPerUser` invariant

`pointsSum.slope` Not Updated After Nominee Removal and Votes Revocation

Incorrect withdraw queue balance in TVL calculation

DOS of `completeQueuedWithdrawal` when ERC20 buffer is filled

Deposits will always revert if the amount being deposited is less than the bufferToFill value

Withdrawals and Claims are meant to be pausable, but it is not possible in practice

`AccountingManager::resetMiddle` will not behave as expected

`executeWithdraw` may be blocked if any of the users are blacklisted from the `baseToken`

The total deposit amount limit in `AccountingManager.sol` can be bypassed

Incorrect modifier condition

`ZivoeRewardsVesting::revokeVestingSchedule` incorrectly decreases the total staking supply `_totalSupply`

`SettleLongPremium` is incorrectly implemented: premium should be deducted instead of added

Wrong leg `chunkKey` calculation in `haircutPremia` function

Unbond_instant removes incorrect amount of shares

Gas Mode Not Set to `Claimable` in `BlastGas` Contract

Some ERC20 don't allow 0 amount transfers which could result in Seller being unable to claim prefunded Base token capacity after `EMPAM` Auction settles without being filled

Batch auction settlement will be impossible if partially filled bidder or the curator get blacklisted in the base or quote tokens

Inability for Seller to Claim Remaining Capacity after Prefunded Atomic Auction `FPAM` Concludes

Some Bidders might be unable to claim their payout if Base token derivative expiry is too close to auction expiry

Users will never be able to withdraw their claimed airdrop fully in ERC20Airdrop2.sol contract

retryMessage unable to handle edge cases.

Risk of reentrancy `onERC721Received` function to manipulate collateral token configs shares

dailyDebtIncreaseLimitLeft is not updated in liquidate().

Repayments and liquidations can be forced to revert by an attacker that repays miniscule amount of shares

V3Vault is not ERC-4626 compliant

Wrong global lending limit check in `_deposit` function

Users can lend and borrow above allowed limitations

Delegated amounts can be forcefully removed from anyone in the TwabController

`Vault.mintYieldFee` FUNCTION CAN BE CALLED BY ANYONE TO MINT `Vault Shares` TO ANY RECIPIENT ADDRESS

`_amountOut` is representing assets and shares at the same time in the `liquidate` function

Any fee claim lesser than the total `yieldFeeBalance` as unit of shares is lost and locked in the `PrizeVault` contract

`TwabLib::getTwabBetween` can return innacurate balances if `_startTime` and `_endTime` aren't safely bounded

Lack of Slippage Protection in `withdraw`/`redeem` Functions of the Vault

PrincipalToken is not ERC-5095 compliant

Withdrawals will be impossible after `queueCurrentEpochSettlement` and `settleEpochFromEigenLayer` are called

`queueOperatorStrategyExit` doesn't decrease the operator shares allocation

`requestWithdrawal` doesn't estimate accurately the available shares for withdrawals

Since you can reroll with a different fighterType than the NFT you own, you can reroll bypassing maxRerollsAllowed and reroll attributes based on a different fighterType

Player can mint more fighter NFTs during claim of rewards by leveraging reentrancy on the `claimRewards() function `

Fighters cannot be minted after the initial generation due to uninitialized `numElements` mapping

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

NFTs can be transferred even if StakeAtRisk remains, so the user's win cannot be recorded on the chain due to underflow, and can recover past losses that can't be recovered(steal protocol's token)

[M09] No slippage check in `remove_liquidity` function in omnipool can lead to slippage losses during liquidity withdrawal.

Anyone can update the address of the Router in the DcntEth contract to any address they would like to set.

Missing access control on UTB:receiveFromBridge allows UTB swaps to be executed without spending bridge fees while bypassing fee/swap instruction signature verification

When borrowers repay USDS, it is sent to the wrong address, allowing anyone to burn Protocol Owned Liquidity and build bad debt for USDS

User can evade `liquidation` by depositing the minimum of tokens and gain time to not be liquidated

SALT staker can get extra voting power by simply unstaking their xSALT

Impossible to change managed wallets with `proposeWallets` after first rejection

Whitelised accounts can be forcefully DoSed from buying curveTokens during the presale

Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`

Unauthorized Access to setCurves Function

Protocol and referral fee would be permanently stuck in the Curves contract when selling a token

onBalanceChange causes previously unclaimed rewards to be cleared

Since buyToken function has no slippage checking, users can get less tokens than expected when they buy tokens directly

Bidder can use donations to get VerbsToken from auction that already ended.

There is no way to liquidate a position if it breaches maxDebtPerCollateralToken value creating bad debt.

LendingTerm::debtCeiling() can return wrong debt as the min() is evaluated incorrectly

The price of rsEHT could be manipulated by the first staker

Protocol mints less rsETH on deposit than intended

Lack of slippage control on LRTDepositPool.depositAsset

Update in strategy will cause wrong issuance of shares

Attacker can reenter to mint all the collection supply

Borrower has no way to update `maxTotalSupply` of `market` or close market.

Borrowers can escape from paying half of the penalty fees by closing the market, and those remaining penalty fees will be covered by the lender who withdraws last

Borrower can drain all funds of a sanctioned lender

Investors claiming their maxDeposit by using the LiquidityPool.deposit() will cause that other users won't be able to claim their maxDeposit/maxMint

Cached `DOMAIN_SEPARATOR` is incorrect for tranche tokens potentially breaking permit integrations

The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP

The peg stability module can be compromised by forcing lowerDepeg to revert.

`UniV3LiquidityAMO::recoverERC721` will cause `ERC721` tokens to be permanently locked in `rdpxV2Core`

`sync` function in `RdpxV2Core.sol` should be called in multiple scenarios to account for the balance changes that occurs

`rngComplete` function should only be called by `rngAuctionRelayer`

`fastTrackProposalExecution` should only be callable when `TemporalGovernor` is paused

`queueNewRewards` transferring wrong amount of reward token

`averagePrice` has wrong decimals due to `updatePricingInfo` wrong calculation

Some `idle` amount is neglected in `LMPVault._withdraw` function

Incorrect amount given as input to `_handleRebalanceIn` when `flashRebalance` is called

Did not remove vault from `_vaultsByType` when calling in `LMPVaultRegistry.removeVault`

Delegated amounts can be forcefully removed from anyone in the TwabController

`Vault.mintYieldFee` FUNCTION CAN BE CALLED BY ANYONE TO MINT `Vault Shares` TO ANY RECIPIENT ADDRESS

`_amountOut` is representing assets and shares at the same time in the `liquidate` function

Any fee claim lesser than the total `yieldFeeBalance` as unit of shares is lost and locked in the `PrizeVault` contract

`TwabLib::getTwabBetween` can return innacurate balances if `_startTime` and `_endTime` aren't safely bounded

Lack of Slippage Protection in `withdraw`/`redeem` Functions of the Vault

Owner in VaultProxy.sol is address(0)

Chainlink's `latestRoundData` may return stale or incorrect result

`updatePoolAddress` functions always reverts when updating existing poolId

`pause/unpause` functionnalities not implemented in many pausable contracts

Chainlink's `latestRoundData()` can return stale or incorrect result

Missing checks for whether Arbitrum Sequencer is active

`mintRebalancer` and `burnRebalancer` functions missing `onlyBalancer` modifier

Wrong pool address used for `DAIEthOracle` in `StableOracleDAI` contract

Error in the calculation of `amountToSellUnits` in `BuyUSSDSellCollateral` function

Chainlink's `latestRoundData()` can return stale or incorrect result

Risk of loss of funds when calling `mintForToken`

No slippage protection in `FlashLoanLiquidate`

function `restructureCapTable()` in Equity.sol not functioning as expected

Flash loan fee is incorrect in Private Pool contract

Calling `Position._marketBuy` and `Position._marketSell` functions that calculate `_fee` by dividing by `10000` can cause incorrect calculations

owner rollover queue index is always changed in `enlistInRollover`

`feeRecipient` can be set to `address(0)` when `feeMantissa != 0`

Error in `userRewardDebts` update in the `_claimInternalRewards`/`_claimExternalRewards` functions

Chainlink's `latestRoundData()` function missing check for round completeness

Staking rewards can be drained

Faulty Escrow config will lock up reward tokens in Staking contract

Vault fees can be set to anything when initilizing

Bad implementation in minter access control for `RabbitHoleReceipt` and `RabbitHoleTickets` contracts

Users may not claim Erc1155 rewards when the Quest has ended

MinipoolManager: recordStakingError function does not decrease minipoolCount leading to too high GGP rewards for staker

State Transition: Minipools can be created using other operator's AVAX deposit via recreateMinipool

Not enough margin pulled or burned from user when adding to a position

`LPDA` price can underflow the price due to bad settings and potentially brick the contract

Anyone can prevent themselves from being liquidated as long as they hold one of the supported NFTs

GiantMevAndFeesPool.previewAccumulatedETH function: "accumulated" variable is not updated correctly in for loop leading to result that is too low

Calling `updateNodeRunnerWhitelistStatus` function always reverts

Reward can be over- or undercounted in `extendPledge` and `increasePledgeRewardPerVote`

Owner can transfer all ERC20 reward token out using function recoverERC20

Chainlink oracle data feed is not sufficiently validated and can return stale `price`

`_payoutEth()` calculates `balance` with an offset, always leaving dust `ETH` in the contract

Redemption weight of tiered NFTs miscalculates, making users redeem incorrect amounts - Bug #1

beforeTokenTransfer called with wrong parameters in LBToken._burn

Very critical `Owner` privileges can cause complete destruction of the project in a possible privateKey exploit

Centralization risk: admin have privileges: admin can set address to mint any amount of frxETH, can set any address as validator, and change important state in frxETHMinter and withdraw fund from frcETHMinter

The governance system can be held hostage by a malicious user

Loss of Veto Power can Lead to 51% Attack

ERROR IN UPDATING **_checkpoint** IN THE **increaseUnlockTime** FUNCTION