The calculation of `totalAssets()` could be wrong if `operatorFeeAmount` > 0, this can cause potential loss for the new depositors

Critical: Malicious user can delete all Users Deposited Liquidity.

Fee Evasion via LP Token Transfer Resets Deposit Value

Slight miscalculation in maxAmountsIn for Admin Fee Logic in UpliftOnlyExample::onAfterRemoveLiquidity Causes Lock of All Funds

Loss of Fees for Router `UpliftOnlyExample` due to Division Rounding in Admin Fee Calculation, Causing Unfair Fee Distribution

Owner fee will be locked in `UpliftOnlyExample` contract due to incorrect recipient address in `UpliftOnlyExample::onAfterSwap`

Donations are sanwichable to steal funds from LP

fees sent to QuantAMMAdmin is stuck forever as there is no function to retrieve them

Incorrect uplift fee calculation leads to LPs incurring more fees than expected

quantAMMSwapFeeTake used for both getQuantAMMSwapFeeTake and getQuantAMMUpliftFeeTake.

`setUpdateWeightRunnerAddress` could break the protocol

“Uplift Fee” Incorrectly Falls Back to Minimum Fee Due to Integer Division

Transferring deposit NFT doesn't check if the receiver exceeds the 100 deposit limit

Users transferring their NFT position will retroactively get the new `upliftFeeBps`

Last withdrawer will donate fees to empty pool allowing MEV and having always stuck funds in the pool

in `UpliftOnlyExample`, Immutable UpdateWeightRunner Address Prevents Seamless Contract Migration

Moving Average Length Validation Prevents Admin Override for Rules Requiring Historical Data

missing implementation for a function to change upliftFee

Protocol Fees Diminished Due to Admin Fee Payment on Liquidity Removal

`minWithdrawalFeeBps` are not added to `upliftFeeBps` causing loss of fees and allowing MEV actions

Incorrect Total Assets Calculation in _harvestAndReport Leading to Share Value Manipulation and Irredeemable Assets

not adding `claimable` balance to the total assets in `_harvestAndReport` can cause losses.

Inflated `totalAssets` in `StrategyMainnet`, `StrategyArb`, and `StrategyOp` Contracts

Users can claim more that their actual allotment

In `transferVesting`, the `grantorVesting.releaseRate` is calculated incorrectly, which leads to the sender being able to unlock more tokens than were initially locked.

Underflow in `claimable` DOSing `claim` Function

Cancel doesn't remove orders mappings, allowing attacker to modify it to extract funds again

in oracleLess, attacker can create two orders in same block to steal funds

cross function reentrency to cause loss of funds to user by malicious `target`

users that gave approvals to `stopLimit` contract can be drained

Attacker can use malicious token with hook in `oracleLess` to cause loss of funds to users

attacker can dos the time sensetive `fillStopLimitOrder::stopLimit`

wrong logical operator in `PythOracle` Forcing Stale prices only

`SablierFlowBase` Lacks `EIP-165` Compliance for `EIP4906` Interface Support

Loss of rewards to users due to wrong check and inbuilt logic

relisting previously liquidated NFT will cause loss of funds to new owner

reserving a previously liquidated Token will cause loss of funds to new owner

`Listings::reserve()` doesn't delete reserved listings causing integration issue

Voters lose their tokens due to misconfiguration in `cancel` function

Malicious Whale can cause Loss of Fees of LP Providers

User Initializing a Pool will have his funds stuck

Owner of Bridged ERC1155 Royalties can't claim them

Attacker can frontrun large fee deposits from `fillListing`

Malicious user can prevent `lockerManager` from executing `CollectionShutdown` function

Malicious user can bypass execution of `CollectionShutdown` function

EdgeCase in `CollectionShutdown` leading to funds being stuck.

Malicious Whale can manipulate `totalsupply` to liquidate or illiquidate a liqudiateable listing

Broken core contract functionality `UniswapImplementation::setFeeExemption` making `exemptionFee` is never useable

User extra funds during Pool initializtion would be stuck in `UniswapImplementation`

Corruptible Upgradability Pattern

Variation from The link pointing to invariants and the actual implementation

in `farmPlots()` an underflow in edge case leading to freeze of funds (NFT)

[H-01] Miscalculation in `_farmPlots` function could lead to a user unable to unstake all NFTs

Invalid validation in _farmPlots function allowing a malicious user repeated farming without locked funds

in `setVoteDelay::vote` Users opted to vote for Killed Gauages will be forced to voting Delays.

in `BribeRewarder::_modify()` the check of the ownership of the `tokenId` with `msg.sender` as the passed parameter will make `voter::vote()` always revert

unchecked (finished `lockDuration` of `mlumStaking` positions) during `vote()` opening up the ability to double vote with same funds in the same period.

Pools should be compatible with weird `ERC20` behaviours, `MasterChefV2` is incompatibile with Rebasing tokens leading to bad consequences.