Users will get no reward if _updateReward is invoked periodically

`onlyGovernance` restricted functions always revert on satellite chains

Incorrect assumption that PT to underlying asset rate is 1.0 post-expiry

Rewards With Low Decimal Tokens will Be Lost

OraclePendlePT::latestAnswer does always return price in 18 decimals for some market

User cannot use USDT in PendlePTRouter

Users will lose WStable

sUSDe cannot be withdrawn from WStable

Rebalancer Can Steal All Funds

WrapAndSupply::wrapAndSupplyOnExtensionMarket Does Not Pay Gas Fee

Everclearbridge::sendMsg Does Not Pull Tokens

Everclearbridge::sendMsg Does Not Approve Enough Tokens

BatchSubmitter Cannot Handle Liquidation Call

Rebalancer Cannot Manage Returned Funds

Incorrect Credit Capacity Validation in `VaultRouterBranch.redeem` Enables Locked Collateral Drainage

Underflow when updating credit delegation will result protocol DoS

Vaults weth reward is not distributed correctly

Incorrect Debt Check in `CreditDelegationBranch::settleVaultsDebt` Function

Total market debt > 0 when credit deposits > netusdissuance which breaks key protocol logic

Incorrect calculation in CreditDelegationBranch::withdrawUsdTokenFromMarket allows attacker mint any amount of usdz

Incorrect vault debt validation logic in rebalanceVaultsAssets causes reverts

UsdTokenSwapConfig::Data::usdcAvailableForEngine Increases but Never Used, Locking USDC Forever

No way to set UsdTokenSwapConfig pd curve parameters

`Market::configureConnectedVaults` Will Always Fail with Array Out of Bounds Error

Incorrect weight assignment in Vault::updateVaultAndCreditDelegationWeight leads to overleveraging vault positions and insolvency

Attacker can manipulate the amount of output tokens of users in ZlpVault

CreditDelegationBranch::depositCreditForMarket cannot update market realized debt properly

FeeConversionKeeper::performUpkeep May Exceed Gas Limit Due to Vault Updates

BaseAdapter::__BaseAdapter_init Should Use onlyInitializing, Not initializer

ZlpVault Does Not Fully Implement ERC-4626

VaultRouterBranch::getVaultCreditCapacity does not take zero return into account

Chainlink Keeper Cannot Process All Swap Logs in a Block

Critical: Malicious user can delete all Users Deposited Liquidity.

Slight miscalculation in maxAmountsIn for Admin Fee Logic in UpliftOnlyExample::onAfterRemoveLiquidity Causes Lock of All Funds

Owner fee will be locked in `UpliftOnlyExample` contract due to incorrect recipient address in `UpliftOnlyExample::onAfterSwap`

Missing initialize Function in UpliftOnlyExample Hook/Router

Inconsistent timestamp storage when the LPNFT is transferred.

Old router retains token allowance after update

Possible hash collision when creating order

A malicious user can steal all funds from `Bracket`, `StopLimit` and `OracleLess` contract

Possible DoS in `AutomationMaster::getExchangeRate`

`SafeERC20.safeApprove` reverts for changing existing approvals

`PythOracle::currentValue` does not work as expected

Malicious user can delete all lend orders from DLOFactory

Lenders and Borrowers do not get correct incentives

Borrower can deprive lender off interest in a loan

Borrower has to pay more fee than intended to extend loan