`AutoCompoundingPodlLp::_getSwapAmount` assumes tokens are sorted

`FraxLendPairCore::_addInterest` incorrectly calculates utilization rate

Decrease in vaults asset/share ratio will lead to incorrect Asset Metadata calculations in `LendingAssetVault`

Incorrect slippage calculations in `Zapper::_swapV3Single` under certain conditions

Hardcoded V3 pool fee tier in `Zapper::_swapV3Single` can be exploited or lead to DOS under certain conditions

`AutoCompoundingPodlLp` does not support self-lending Pod with podded pair

Unwrap fees is applied twice on pTKN price calculation

Out-of-Bounds Array Access in `_calculateQuantAMMVariance` with Odd Number of Assets and Vector Lambda

GradientBasedRules will not work for >=4 assets with vector lambdas

Incorrect uplift fee calculation leads to LPs incurring more fees than expected

“Uplift Fee” Incorrectly Falls Back to Minimum Fee Due to Integer Division

incorrect length check in `_setGradient` will DOS manual setting of `intermediateGradientState` after pool initialization

incorrect length check in `_setIntermediateVariance` will DOS manual setting of `intermediateVarianceStates` after pool initialization

incorrect length check in `_setIntermediateCovariance` will DOS manual setting of `intermediateCovarianceStates` after pool initialization

Early return in `DebitaIncentives::updateFunds` will prevent funds update for other whitelisted pairs

Malicious lendOrder can delete all orders

DebitaV3Loan::extendLoan can be DoSed due to underflow arithmetic

PoolLogic::executeMintToTreasury decreases supplyShares which will lead to insolvency issues

getSupplyBalance and getDebtBalance calculates wrong balances affecting a bunch of functions

`LiquidationLogic::_calculateDebt` returns user's debtShares instead of debt balance

Liquidation fee is not taken from user's collateral balance & underlying balance

Use of incorrect NextDebtShares during liquidation will result in incorrect interest rate calculations

getAssetPrice uses a fixed heartbeat of 30 min for stale price check, this would DoS priceFeeds of oracles with > 30 min heartbeat

GenericLogic::calculateUserAccountData assumes same price decimals for all price feeds

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

Native token withdrawal fails until manually approved

`DeliveryPlace::settleAskTaker` Has Incorrect Access Control

Formulaic Error Rounds Down Causing Total Loss Of Funds For Bid Takers During Abort

The `DeliveryPlace::settleAskTaker()` function mistakenly uses `makerInfo.tokenAddress` to update the `TokenBalanceType.PointToken` in the `userTokenBalanceMap` mapping, leading to a critical error.

[H-4] The function `PreMarkets::listOffer` charges an incorrect collateral amount, allowing users to manipulating collateral rates and drain the protocol's funds

listOffer maker can settle offer via settleAskMaker() in Turbo settle type.

Missing abort status check allows bid taker to steal users funds

`listOffer` Unsafely References Fungible Identifiers

Market Makers via relisting protected offers cannot set their Maker Bonus

Incorrectly assigned `decimal1` parameter upon decoding

`WellUpgradeable` can be upgraded by anyone

Briber has no way to claim unclaimed bribes after bribing period ends as stated by the docs

DOS on voting for pools with bribeRewarder due to incorrect check on _modify

Voters can loose their rewards due to wrong reward calculation in `_calculateRewards()`

MasterChefV2 doesn't account for fee on transfer tokens on deposits

Anyone can prevent pools from being bribable

require statement in harvestPositionsTo prevents approved sender from harvesting positions

incorrect implementation of onlyOwnerOrOperator allows anyone to call addToPosition on any position

Multiplier updates are not enforced on existing positions

Circulating supply of FLOW is calculated incorrectly

Users won't liquidate positions because the logic used to calculate the liquidator's profit is incorrect

When `sellCreditMarket()` is called to sell credit for a specific cash amount, the protocol might receive a lower swapping fee than expected.

Fragmentation fee is not taken if user compensates with newly created position

`executeBuyCreditMarket` returns the wrong amount of cash and overestimates the amount that needs to be checked in the variable pool

Multicall does not work as intended

LiquidateWithReplacement does not charge swap fees on the borrower

Incorrect vesting period data DOSes claiming of tokens

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

Design flaw and mismanagement in vault licensing leads to double counting in collateral ratios and positions collateralized entirely with kerosine

Kerosene collateral is not being moved on liquidation, exposing liquidators to loss

Missing enough exogeneous collateral check in `VaultManagerV2::liquidate` makes the liquidation revert even if (DYAD Minted > Non Kerosene Value)

User can get their Kerosene stuck because of an invalid check on withdraw

Unable to withdraw Kerosene from `vaultmanagerv2::withdraw` as it expects a `vault.oracle()` method which is missing in Kerosene vaults

Use of unintiliazed `lotId` to store auction routing data

Holders array can be manipulated by transferring or burning with amount 0, stealing rewards or bricking certain functions

Malicious user can stake an amount which causes zero curStakeAtRisk on a loss but equal rewardPoints to a fair user on a win

DoS in `MergingPool::claimRewards` function and potential DoS in `RankedBattle::claimNRN` function if called after a significant amount of rounds passed.