Notify bribes about deposit will revert breaking the voting

Incorrect operator authorization

Renewing position harvests rewards to the operator

Incorrect claim index and update

Native token vesting is not supported

Wrong burn logic

Unlimited claim of initial release

No slippage protection

Wrong addresses configuration

Unprotected mint and burn

Chainlink stale data

Repay and liquidate race after unpausing

Unprotected commit collateral

Fee changes affect pending bids

Escrow does not handle fee on transfer tokens

Loop gas limit

DOS queue minting of shares

Enlisting in rollover might assign a wrong index

Change of treasury whitelists and sets different variables

Mint limit is not reduced when the Vault is burning TAU

Not all providers claim the rewards

Unnecessary allowance when swapping rewards

Hardcoded WETH

Wrong assumption that stablecoins are always equal in price

Protocols dependence on each other

withdrawal request override

Removal of tokens discards accrued rewards

Anyone can mint the first token and start the auction

Repeated requests of withdrawal

Chainlink stale data

Dependant token transfers can block claims

Refunds after close can trick the claims

One refund can break the bounty

Many deposits can block refunds

Token limit might be artificially reached

Impossible to reduce the size of payout schedule

Locked funds do not account for claims and refunds

Unlimited rolls

Fully repaid debt tokens do not reach the lender

Transfer return values

Loan is rollable by default

TWAP value is not reliable

Rebalance with any account

Redeem depository search does not account for amount

Vulnerable GovernorVotesQuorumFraction version

Unprotected checkOrder

FILO can cause DOS

Anyone can withdraw approved tokens from gauge

Changes in system parameters might hurt existing users

Missing or not entirely correct validations

Support of various tokens

Re-entrancy protection

Lend or mint after maturity

Unpaused on redeem functions

User controlled parameters and re-entrancy

Mint Illuminate's ERC5095 indefinitely and auto redeem

Incorrect parameters

ecrecover returns zero address for invalid signatures

commitToLiens via AstariaRouter will not work

Strategist nonce replay

Increasing the lock malfunction

Support of weird ERC20s

Unbounded fee

Cannot repay the native asset

Missing validations