quantAMMSwapFeeTake used for both getQuantAMMSwapFeeTake and getQuantAMMUpliftFeeTake.

not adding `claimable` balance to the total assets in `_harvestAndReport` can cause losses.

Inflated `totalAssets` in `StrategyMainnet`, `StrategyArb`, and `StrategyOp` Contracts

Old router retains token allowance after update

Users can claim more that their actual allotment

Incorrect referral fee calculations

Underflow in `claimable` DOSing `claim` Function

Listing potential can not be purchased with discounted price

Replay Attacks Due to Improper Nonce Management in Signature Verification

Potential Underflow in `withdrawInterest`

Unrestricted Access to `executeSetterFunction` Allows Unauthorized Approval Reset

Potential for Insufficient Ether Balance During Liquidation Process

LamboFactory can be permanently DoS-ed due to createPair call reversal

Token Claim Hijacking Due to Missing Validation

MembershipERC1155 proxy cannot be upgraded

Subtraction in `variance()` will revert due to underflow

Potential underflow vulnerability in score range calculation of `LLMOracleCoordinator::finalizeValidation`, leading to DoS.

Request responses and validations can be mocked leading to extraction of fees and/or forcing other generators to lose their fees by making them outliers

Users can list assets with price < 1 ERC20 (ETH, WETH), leading to potential DoS vulnerability.

Inadequate Reward Claim Tracking: Prevents Full Reward Access Across Epochs

Griefer can permanently DOS all the deposits to the `StakingPool`

Handling of Empty Data Arrays in StakingPool Causes Array Out-of-Bounds Access

ERC20Incentive onlyOwner Restriction Causes Operational Lock

Lack of Validation in Referral Fee Enables Full Claim Fee Allocation to Referrer

Incompatibility with Fee-on-Transfer ERC20 Tokens in allocate

[H-01] Auction tokens will be lost forever when auction ends without bids

Epoch mismatch in FjordPoints and FjordStaking leads to user being able to stake and unstake instantly for rewards

Refund Actions Will Inadvertently Lock Contract Owners' ETH

Malicious Users Will Block Raffle Winners from Claiming Prizes in WinnablesTicketManager

Role Management Flaw Grants Permanent Access to Users

TokenManager - Unlimited withdraw

Unnecessary balance checks and precision issues in TokenManager::_transfer

Incorrectly assigned `decimal1` parameter upon decoding

Improper Domain Separator Hash in _domainSeparatorV4() Function

Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens

Availability of deposit invariant can be bypassed

Incorrect withdraw queue balance in TVL calculation

Withdrawals and Claims are meant to be pausable, but it is not possible in practice

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

Users can get their Kerosene stuck until TVL becomes greater than Dyad's supply

Flash loan protection mechanism can be bypassed via self-liquidations