In `transferVesting`, the `grantorVesting.releaseRate` is calculated incorrectly, which leads to the sender being able to unlock more tokens than were initially locked.

`SecondSwap_Marketplace` vesting listing order affects how much the vesting buyers can claim at a given step

maxSellPercent can be buypassed by selling previously bought vestings at a later time

Unlisting a vesting after seller has claimed additional steps locks tokens which should have been claimable already

maxSellPercent will be broken when a vesting is delisted after a seller has claimed additional steps

Listing potential can not be purchased with discounted price

`buyFee` And `sellFee` Should Be Known Before Purchase

Incorrect listing type validation bypasses enforcement of minimum purchase amount

Incorrect referral fee calculations

Missing option to remove tokens from the `isTokenSupport` mapping can result in huge financial loss for users and the protocol

MarketPlace Change In Vesting Manager, Leads To Loss Of Previous MarketPlace Listing

Unauthorized increase of maxSellPercent

Calculation for `directionMask` is incorrect

Minting zero tokens when underlyingToken is not Ether in cashIn()

The fee for the protocol in the function RamsesV3Pool::flash() if not calculated correctly

Users won't liquidate positions because the logic used to calculate the liquidator's profit is incorrect

Credit can be sold forcibly as `forSale` setting can be ignored via Compensate

LiquidateWithReplacement does not charge swap fees on the borrower

BalancerConnector has incorrect implementation of totalSupply, positionTVL and total TVL will be invalid

`SNXConnector.sol` TVL calculation is incorrect.

Incomplete TVL Calculation in `AerodromeConnector::_getPositionTVL` Function.

Invalid handling of holding positions in `DolomiteConnector::transferBetweenAccounts`

`_getPositionTVL` of `UNIv3Connector` wrongly assumes ownership of all liquidity of the provided ticks inside `positionManager`.

Numerous errors when calculating the TVL for the MorphoBlue connector

In Dolomite, when opening a borrow position, the holding position in the Registry will never be updated due to the removePosition flag being set to true

It is possible to open insolvent position is Silo connector, due to missing check in borrow function

`veMav` token in `MaverickConnector` does NOT have an existing oracle, so staking Mav would always lead to DoS for TVL calculation

`PrismaConnector.sol` should also check health factor in `openTrove()` function

CompoundConnector.sol misses unclaimed rewards in getPositionTVL, resulting in undervalued positionTVL/TVL

`_getPositionTVL()` of The StargateConnector doesn't accoount for the total value locked.

LP tokens from Boosted Positions are not included in the TVL calculation of a position held by the MaverickConnector

The `TVLHelper.sol#getTVL` function is DOSed by the `under collateralized connector`, and as a result, many parts of the protocol may be DOS.

In the SNXV3Connector, unclaimed rewards are not included in the calculation of the connectors TVL

Incorrect Return Value in `CompoundConnector.getBorrowBalanceInBase()` Affecting TVL Calculation

` PendleConnector::_getPositionTVL` will revert for in the current implementation because there is no need to stake the LP tokens anymore

In the BalancerConnector, unclaimed rewards are not included in the calculation of the connectors TVL

Missing calls to `_updateTokenInRegistry` leads to incorrect state of tokens in registry

Extra rewards are not updated in curve connector when harvestConvexRewards is called

Contract does not earn any boosted position rewards in Maverick Connector

The check when increasing the `minimumHelthFactor` in the `SiloConnector` is wrong because this variable is used differently in this connector

`SNXV3Connector::_getPositionTVL` only works for collateral with 18 decimals

Burning sUSD in `SNXV3Connector:: mintOrBurnSUSD` will not work because the sUSD to burn are not deposited into the SNXV3 protocol

In the `Gearboxv3` connector the health factor of the account is never considered

In the AerodromeConnector, unclaimed rewards are not included in the calculation of the connectors TVL

Some connectors prevents repayment of a borrow position if it doesn't leave the connector solvent or above minimumHealthFactor

The health factor check in `PrismaConnector::adjustTrove` will always pass because the ICR in the Primsma protocol has 20 decimals

Using the same heartbeat for multiple price feeds

No function to claim the reward in `PancakeswapConnector`.

Allocator in ` QVSimpleStrategy` can vote infinite number of times because the number of already allocated voice credits are not updated

`QVSimpleStrategy` does not work when token is a `fee on transfer token`

`DonationVotingMerkleDistributionVaultStrategy` deos not work if one of the allowed tokens is a fee on transfer token

In `QVSimpleStrategy.reviewRecipients()` the last review that matches or crosses the `reviewThreshold` will determine the final status of the recipient

In `RFPSimpleStrategy` the `poolAmount` must always be bigger or equal to the proposal bid of the recipient even parts of the pool were already distributed

When calling `QVBaseStrategy._qv_allocate`, the variable `_allocator.voiceCreditsCastToRecipient[_recipientId]` is not updated correctly

Admin can't burn tokens from blocklisted addresses because of a check in _beforeTokenTransfer

Users may be forced into long lock times to be able to undelegate back to themselves.

Each time `initializeDistributionRecord` in `PriceTierVestingSale_2_0` is called new voting tokens are minted

Changing the `voteFactor` messes up the voting powers of recipients with already initiated `distributionRecords`

In `PriceTierVesting` there is no check if the Sequenzer for L2s is up when calling the oralce

`optionTokens` can be expired even though the epoch is not over

`addLiquidityPermit2` in `ArrakisV2Router.sol` reverts for vaults where token0 is `weth`

`ChainLinkOraclePivot.sol` does not work properly if the update intervals (the heartbeat) of the two used oracles is different

Chainlink Oracle will return wrong price if underlying aggregator hits minAnswer

getPriceFromChainlink() doesn't check if sequencer for Arbitum/Optimism is down in Chainlink feeds

Chainlink's latestRoundData return stale or incorrect result for L1

BTC/USD chainlink oracle is used to price WBTC which is problematic for minting if WBTC depegs

BTC/USD chainlink oracle is used to price WBTC which is problematic for rebalancing if WBTC depegs

Bad club owner can set approval for all to himself, sell the club and take all players

Changing the borrowFeeRate results in a lower than expectet borrowFeeRate for new borrowed JUSD

CHALLENGER_REWARD can be used to drain reserves and free mint

Owner of Denied Position is not able to withdraw collateral until expiry.