Liquidator can seize the whole collateral or collateral up to 200% of debt value during liquidation

Users won't liquidate positions because the logic used to calculate the liquidator's profit is incorrect

When `sellCreditMarket()` is called to sell credit for a specific cash amount, the protocol might receive a lower swapping fee than expected.

LiquidateWithReplacement does not charge swap fees on the borrower

`AccountingManager#totalWithdrawnAmount` should reflect tokens actually transferred to users, instead of expected transfers

Attacker can mint the whole supply of Work tokens for a price of one token

PrincipalToken is not ERC-5095 compliant

Holders array can be manipulated by transferring or burning with amount 0, stealing rewards or bricking certain functions

Once EntropyRateBps is set too high, can lead to denial-of-service (DoS) due to an invalid ETH amount

`ERC20TokenEmitter::buyToken` function mints more tokens to users than it should do

Specific bid amounts will not allow the auction to be settled and will DoS the Auction contract

Incorrect decimal usage in score calculation leads to reduced user reward earnings

Prime.sol - User can claim Prime token without having any staked XVS, because his `stakedAt` isn't reset whenever he is issued an irrevocable token.

No slippage protection for bonders

When adding a gauge, its initial value has to be set by an admin or all voting power towards it will be lost

Price is not calculated correctly according to the documentation in the contract

Vault is not compatible with some erc4626 vaults

Potential 99.5% loss in `emergencyWithdraw()` of two Yieldbox strategies

Pumps are not updated in the shift() and sync() functions, allowing oracle manipulation

If `ProtocolRewardsPool` is insufficient in EUSD, users will not be able to calim any rewards

It is possible to manipulate WETH/LBR pair to claim reward of the users which shouldn't be claimed

Incorrect Reward Distribution Calculation in `ProtocolRewardsPool`

Chainlink's latestRoundData is not validated

Chainlink's L2 sequencer is not checked if it is down

`StaticOracle` contract address is incorrect in `StableOracleWBGL` and `StableOracleDAI` contracts

Wrong decimals are assumed for `latestRoundData` in `StableOracleDAI` oracle

`StableOracleDAI` - ETH/DAI price is fetched instead of DAI/ETH

Anyone can mint more USSD tokens

`USSD.UniV3SwapInput` executes Uniswap V3 swap without slippage protection

Chainlink's latestRoundData might be stale or incorrect

Chainlink's `latestAnswer` function is deprecated

Incorrect `blocksPerYear` constant in `WhitepaperInterestRateModel`

ShortFall contract might transfer incorrect amount of tokens to the highest bidder.

Previous owner of the club can steal tokens that he approved on

No checks if Arbitrum sequencer is down in Chainlink feeds

`Subaccount` contract and `Subaccount.execute` cannot receive ETH tokens

Pool tokens can be stolen via `PrivatePool.flashLoan` function from previous owner

`changeFeeQuote` will fail for low decimal ERC20 tokens

An attacker can manipulate the preDepositvePrice to steal from other users.