`decode_legacy_tx` allows validation of signatures with chain_id that are larger than felt, and overflows

There is no refund mechanism in `ChakraSettlement.processCrossChainCallback` or `ChakraSettlementHandler.receive_cross_chain_callback` function

`ChakraSettlement.receive_cross_chain_msg` and `ChakraSettlement.receive_cross_chain_callback` functions do not ensure that receiving `ChakraSettlement` contract's `contract_chain_name` must match `to_chain` corresponding to respective `txid` input though

The LockMint and BurnUnlock modes cannot be used

In Starknet already processed messages can be re-submitted and by anyone

The `refundAccount` is erroneously set to `msg.sender` instead of `tx.origin` when `refundAccount` specified as `address(0)`

Edge from dishonest challenge edge tree can inherit timer from honest tree allowing confirmation of incorrect assertion

Market#totalAssets: unassignedEarnings from earlier maturities might have not been accrued, allowing attacker to steal the unaccrued earnings.

Design flaw and mismanagement in vault licensing leads to double counting in collateral ratios and positions collateralized entirely with kerosine

Kerosene collateral is not being moved on liquidation, exposing liquidators to loss

Flash loan protection mechanism can be bypassed via self-liquidations

Liquidation bonus logic is wrong

Single host can unfairly skip veto period for proposal that does not have full host support

Attacker can call `KeeperFactory#settle` with empty arrays as input parameters to steal all keeper fees

Protocol fee from Market.sol is locked

PythOracle:if price.expo is less than 0, wrong prices will be recorded

Vault.sol: `settle`ing the 0 address will disrupt accounting

Malicious user can use liquidation to bypass most of the global invariant checks

Users can make any user follow them via `FollowNFT::tryMigrate()` without their consent

Users can self-follow via `FollowNFT::tryMigrate()` on Lens V2

`tryMigrate()` doesn't ensure that `followerProfileId` isn't already following

Blocked follower can keep follow with `batchMigrateFollows`

Proposal requiring native coin transfers cannot be executed

Lack of return value handing in `ArbitrumBranchBridgeAgent._performCall()` could cause users' deposit to be locked in contract

Multiple issues with `retrySettlement()` and `retrieveDeposit()` will cause loss of users' bridging deposits

`RootBridgeAgent->CheckParamsLib#checkParams` does not check that `_dParams.token` is underlying of `_dParams.hToken`

Due to inadequate checks, Adversary can call `BranchBridgeAgent#retrieveDeposit` with an invalid `_depositNonce`, which would lead to loss of other users' deposit.

When an anyExecute call is made to `RootBridgeAgent` with a `depositNonce` that has been recorded in `executionHistory`, initialGas and userFeeInfo will not be updated, which would affect the next caller of `retrySettlement`.

Accounts will not be liquidated when they are meant to.

User would liquidate his account to sidestep `takerInvariant` modifier

DOS attack prevents refunding previous bid in Shortfall.sol and malicious bidder always wins the auction

CHALLENGER_REWARD can be used to drain reserves and free mint

need alternative ways for fund transfer in `end()` to prevent DoS

POSITION LIMIT COULD BE FULLY REDUCED TO ZERO BY CLONES

PrivatePool owner can steal all ERC20 and NFT from user via arbitrary execution

Reward accounting is incorrect in BathBuddy contract

`WstEth` derivative assumes a ~1=1 peg of stETH to ETH

Stuck ether when use function `stake` with empty `derivatives`(`derivativeCount` = 0)

Users will be able to purchase fewer NFTs than the project had anticipated

Attacker can rollover more shares than a user's intention or cause the mintRollovers function to be unusable.

For any epochId, an attacker can prevent many other users' assets from being rolled over