Some tokens enable the direct draining of all approved `ERC20Votes` tokens

Anyone can steal CryptoPunk during the deposit flow to WPunkGateway

Value can be stuck in Adapters

Owner can transfer all ERC20 reward token out using function recoverERC20

`NFTCollection.sol`: Initial Royalties can be over 100%

Transfering funds to yourself increases your balance

Using `transferFrom` on ERC721 tokens

Chainlink's `latestRoundData` might return stale or incorrect results

[NAZ-M1] Chainlink's `latestRoundData` Might Return Stale Results

NFT of NFT collection or NFT drop collection can be locked when calling _mint or mintCountTo function to mint it to a contract that does not support ERC721 protocol

transfer() depends on gas consts

Undesired behavior

`VE3DRewardPool` and `VE3DLocker` adds to an unbounded array which may potentially lock all rewards in the contract

`VE3DLocker.sol` Wrong implementation of inversely traverse for loops always reverts

Consistently check account balance before and after transfers for Fee-On-Transfer discrepancies

Bribe.sol is not meant to handle fee-on-transfer tokens

USDT is not supported because of approval mechanism

No cap on fees can result in a DOS in BathToken.withdraw()

Admin rug vectors

Use `safeTransfer()`/`safeTransferFrom()` instead of `transfer()`/`transferFrom()`

`RubiconMarket.sol#isClosed()` always returns false, making the market can not be stopped as designed

Use `call()` instead of `transfer()` when transferring ETH in RubiconRouter

The check for value transfer success is made after the return statement in _withdrawFromYieldPool of LidoVault

amount requires to be updated to contract balance increase (1)

Protocol doesn't handle fee on transfer tokens

Chainlink's latestRoundData might return stale or incorrect results

Lack of `safeApprove(0)` prevents some registrations, and the changing of stakers and LP tokens

`call()` should be used instead of `transfer()` on an `address payable`

Chainlink's latestRoundData might return stale or incorrect results

Update initializer modifier to prevent reentrancy during initialization

Protocol doesn't handle fee on transfer tokens

`sendCollateralTo` is unchecked in `closeLoan()`, which can cause user's collateral NFT to be frozen

Centralisation RIsk: Owner Of `RoyaltyVault` Can Take All Funds

Add a timelock to `setPlatformFee()`

Pool Credit Line May Not Able to Start When _borrowAsset is Non ERC20 Compliant Tokens

WithdrawFacet's withdraw calls native payable.transfer, which can be unusable for DiamondStorage owner contract

Improper Upper Bound Definition on the Fee

Update initializer modifier to prevent reentrancy during initialization

`settleFunding` will exceed block gas with more markets and activity

Send ether with call instead of transfer.

SafeERC20.sol is imported but not used in the transferBribes() function

[WP-H0] `DEFAULT_ADMIN_ROLE` of `BribeVault` can steal tokens from users' wallets

Undesired behavior

Fee-on-transfer token donations in `Shelter` break withdrawals

Unconstrained fee

No upper limit on `coolDownTimeInSeconds` allows funds to be locked sNOTE owner.

Consistently check account balance before and after transfers for Fee-On-Transfer discrepencies

Use safeTransfer/safeTransferFrom consistently instead of transfer/transferFrom

[WP-M17] `Vault.sol` Tokens with fee on transfer are not supported

Unbounded iteration over all indexes (2)

Add a timelock to `BaseStrategy:setPerfFeePct`