Curve reentrancy check for tokens being borrowed is missing

Check on `MAX_TOTAL_TOKEN_NUMBER` off by one

Disputers can recover bonds lost in dispute by stealing bonds of future claims

After a `TokenLock` is revoked tokens can be lost permanently

Incorrect `DAIEthOracle` in `StableOracleDAI` and `StableOracleWBGL`

Incorrect check on collateral being `DAI` in `USSDRebalancer.SellUSSDBuyCollateral()`

Incorrect rebalancing due to unrelated Uni V3 pool reserves

`price` is DAI/ETH instead of ETH/DAI in `StableOracleDAI.getPriceUSD()`

Incorrect decimals for `price` in `StableOracleDAI.getPriceUSD()`

Incorrect `amountToSellUnits` decimals in `USSDRebalance.BuyUSSDSellCollateral()`

Unprotected `mintRebalancer` and `burnRebalancer` functions

Incorrect `ExactInputParams` struct in `USSD`

Funds can be stolen if WBTC depegs

An attacker can manipulate the preDepositvePrice to steal from other users.

Staking, unstaking and rebalanceToWeight can be sandwiched (Mainly rETH deposit )

`WstEth` derivative assumes a ~1=1 peg of stETH to ETH

In de-peg scenario, forcing full exit from every derivative & immediately re-entering can cause big losses for depositors

Users deposit could get stuck due to check in `decreaseTotalLp` function

Collateral ratio calculation is incorrect if `collateralToken` isn't in 18 decimals

Liquidity Vault can be drained

`userRewardDebts` incorrectly updated in `_claimInternalRewards()`

`cachedUserRewards` incorrectly updated in `_withdrawUpdateRewardState()`

Vault can experience long downtime periods

Rewards can get stuck and can be unavailable for some time

`debt` tokens are sent to `address(0)` instead of lender in `repay()`

Unchecked return values of `transfer` and `transferFrom`

Tokens not owned by an account can be added as an asset to the account

Missing check on `account` in `PerpDepository.rebalance()`

`PerpDepository` not compatible with `assetToken` with decimals different from 18

Missing approval of `assetToken` to `spotSwapper` in `PerpDepository._rebalanceNegativePnlWithSwap()`

Missing approval of `quoteToken` to `vault` in `PerpDepository._rebalanceNegativePnlWithSwap()`

Curve LP oracle manipulation with read only reentrancy in pool's `get_virtual_price`

`transferPosition()` to `address(0)` allows matching the same order multiple times

`settleContract` gas usage can be increased by bull making settling unprofitable for bear

Unexpected liquidations after batchSwap with intermediate amounts

Loan can be written off by anybody before overdue delay expires

A stake that has just been locked gets full reward multiplier

Rewards delay release could cause yields steal and loss

frxETHMinter.depositEther may run out of gas, leading to lost ETH

Supply cap of VariableSupplyERC20Token is not properly enforced

Incorrect handling of pricefeed.decimals()

Vault.sol is not EIP-4626 compliant

ERC4626 underlying decimals could be different

Missing check on decimals of Chainlink price feed

ERC777 reentrancy in self-liquidation

Can register a non-allowed collateral as collateral

Missing validation of `latestRoundData` return data

Anyone can pass any proposal alone before first `VOTES` are minted

After endorsing a proposal, user can transfer votes to another user for endorsing the same proposal again

Builder can call `Community.escrow` again to reduce debt further using same signatures

Project funds can be drained by reusing signatures, in some cases

Error in allowance logic

RubiconRouter: Excess ether did not return to the user

Use `safeTransfer()`/`safeTransferFrom()` instead of `transfer()`/`transferFrom()`

Malicious pools can be deployed through `BathHouse`