The calculation of `totalAssets()` could be wrong if `operatorFeeAmount` > 0, this can cause potential loss for the new depositors

Incorrect Total Assets Calculation in _harvestAndReport Leading to Share Value Manipulation and Irredeemable Assets

not adding `claimable` balance to the total assets in `_harvestAndReport` can cause losses.

Inflated `totalAssets` in `StrategyMainnet`, `StrategyArb`, and `StrategyOp` Contracts

Users can claim more that their actual allotment

In `transferVesting`, the `grantorVesting.releaseRate` is calculated incorrectly, which leads to the sender being able to unlock more tokens than were initially locked.

Underflow in `claimable` DOSing `claim` Function

Cancel doesn't remove orders mappings, allowing attacker to modify it to extract funds again

in oracleLess, attacker can create two orders in same block to steal funds

cross function reentrency to cause loss of funds to user by malicious `target`

users that gave approvals to `stopLimit` contract can be drained

Attacker can use malicious token with hook in `oracleLess` to cause loss of funds to users

attacker can dos the time sensetive `fillStopLimitOrder::stopLimit`

wrong logical operator in `PythOracle` Forcing Stale prices only

`SablierFlowBase` Lacks `EIP-165` Compliance for `EIP4906` Interface Support

Loss of rewards to users due to wrong check and inbuilt logic

relisting previously liquidated NFT will cause loss of funds to new owner

reserving a previously liquidated Token will cause loss of funds to new owner

`Listings::reserve()` doesn't delete reserved listings causing integration issue

Voters lose their tokens due to misconfiguration in `cancel` function

Malicious Whale can cause Loss of Fees of LP Providers

User Initializing a Pool will have his funds stuck

Owner of Bridged ERC1155 Royalties can't claim them

Attacker can frontrun large fee deposits from `fillListing`

Malicious user can prevent `lockerManager` from executing `CollectionShutdown` function

Malicious user can bypass execution of `CollectionShutdown` function

EdgeCase in `CollectionShutdown` leading to funds being stuck.

Malicious Whale can manipulate `totalsupply` to liquidate or illiquidate a liqudiateable listing

Broken core contract functionality `UniswapImplementation::setFeeExemption` making `exemptionFee` is never useable

User extra funds during Pool initializtion would be stuck in `UniswapImplementation`

Corruptible Upgradability Pattern

Variation from The link pointing to invariants and the actual implementation

in `farmPlots()` an underflow in edge case leading to freeze of funds (NFT)

[H-01] Miscalculation in `_farmPlots` function could lead to a user unable to unstake all NFTs

Invalid validation in _farmPlots function allowing a malicious user repeated farming without locked funds

in `setVoteDelay::vote` Users opted to vote for Killed Gauages will be forced to voting Delays.

in `BribeRewarder::_modify()` the check of the ownership of the `tokenId` with `msg.sender` as the passed parameter will make `voter::vote()` always revert

unchecked (finished `lockDuration` of `mlumStaking` positions) during `vote()` opening up the ability to double vote with same funds in the same period.

Pools should be compatible with weird `ERC20` behaviours, `MasterChefV2` is incompatibile with Rebasing tokens leading to bad consequences.