Sqrt function silently reverts the entire control flow when a packed float of 0 value is passed

Natural Logarithm Function Silently Accepts Invalid Non-Positive Inputs

Early 72-digit adjustment in sqrt will lead to incorrect result exponent calculation

Amino legacy signing method broken because of name mismatch

[M09] No slippage check in `remove_liquidity` function in omnipool can lead to slippage losses during liquidity withdrawal.

Replace old_sum_bias by old_bias

Pre-defined limit is different from the spec.

Incorrect `blocksPerYear` constant in `WhitepaperInterestRateModel`

A temporary issue shows in the staking functionality which leads to the users receiving less minted tokens.

`WstEth` derivative assumes a ~1=1 peg of stETH to ETH

No slippage protection on `stake()` in SafEth.sol

Missing derivative limit and deposit availability checks will revert the whole `stake()` function

deploying contracts with forceDeployOnAddress will break contracts when callConstructor is false

[Medium - 1] Too few rewards paid over periods in Furnace and StRSR

[Medium-3] Non-compliance with EIP-4337

`PaprController` pays swap fee in `buyAndReduceDebt`, not user

Hijacking of node operators minipool causes loss of staked funds

node operator is getting slashed for full duration even though rewards are distributed based on a 14 day cycle

Users may not be able to redeem their shares due to underflow

Cancellation of minipool may skip MinipoolCancelMoratoriumSeconds checking if it was cancelled before

State Transition: Minipools can be created using other operator's AVAX deposit via recreateMinipool

Recreated pools receive a wrong AVAX amount due to miscalculated compounded liquid staker amount

First depositor can break minting of shares

Rounding error in buyQuote might result in free tokens

`LPDA` price can underflow the price due to bad settings and potentially brick the contract

Discrepency in the Uniswap V3 position price calculation because of decimals

During oracle outages or feeder outages/disagreement, the `ParaSpaceFallbackOracle` is not used

Calling `updateNodeRunnerWhitelistStatus` function always reverts

rotateNodeRunnerOfSmartWallet is vulnerable to a frontrun attack

Oracle assumes token and feed decimals will be limited to 18 decimals

Chainlink oracle data feed is not sufficiently validated and can return stale `price`

Supply cap of VariableSupplyERC20Token is not properly enforced

Mismatch in `withdraw()` between Yearn and other protocols can prevent Users from redeeming zcTokens and permanently lock funds

A VAULT OWNER CAN BE ALSO THE CONTROLLER AND ARBITRARILY SET THE SECONDARY MARKET ROYALTIES

ORACLE DATA FEED CAN BE OUTDATED YET USED ANYWAYS WHICH WILL IMPACT ON PAYMENT LOGIC

Use a safe transfer helper library for ERC20 transfers