Future integrations requiring `mintBatch()` will be broken

L1 data fees are not reimbursed

Two Pyth prices can be used in the same transaction to attack the LP pools

Whale LPs can make the admin's risk control parameters ineffective

SpotHedgeBaseMaker uses the wrong oracle for non-evm/non-erc20 markets

Attackers can create positions that have no incentive to be liquidated

Price band caps apply to decreasing orders, but not to liquidations

Withdrawal caps can be bypassed by opening positions against the SpotHedgeBaseMaker

Attackers can sandwich their own trades up to the price bands

No slippage control on maker LP `deposit()`/`withdraw()`

Reservation price does not take into account the size of the order

Borrow fees can be arbitrarily increased without the maker providing any value

High risk checks can be bypassed with extra `calldata` padding

Post-proposal vote quorum/threshold checks use a stale total supply value

High-risk actions aren't all covered by the existing checks

Vaults can be bricked by `selfdestruct()`ing implementations, using forged immutable args

User migration does not migrate unclaimed rewards

`ARBTriCryptoOracle` is vulnerable to read-only reentrancy

[M-01] Some functions in Talos contracts does not allow user to supply slippage and deadline, which may cause swap revert

Protocol fees can become trapped indefinitely inside Talos vault contracts

Pool amount adjustments for collateral decreases aren't undone if swaps are successful

Swaps associated with position orders will use the wrong price

Limit swap orders can be used to get a free look into the future

`initialCollateralDeltaAmount` is incorrectly interpreted as a USD value when calculating estimated remaining collateral

Stop-loss orders do not become marketable orders

Users can get impact pool discounts while also increasing the virtual impact pool skew

Virtual swap balances don't take into account token prices

Virtual swap impacts can be bypassed by swapping through markets where only one of the collateral tokens has virtual inventory

Limit orders can be used to get a free look into the future

Pool value calculation uses wrong portion of the borrowing fees

Accounting breaks if end market appears multiple times in swap path

Fee receiver is given twice the amount of borrow fees it's owed

Collateral cannot be claimed due to inverted comparison condition

Collateral cannot be claimed because there is no mechanism for the config keeper to change the claimable factor

User-supplied slippage for decrease orders is ignored

Malicious revert reasons with faked lengths can disrupt order execution

Limit orders are broken when there are price gaps

Keepers can be forced to waste gas with long revert messages

ADL operations do not have any slippage protection

Tracking of the latest ADL block use the wrong block number on Arbitrum

Users that have to claim collateral more than once for a time slot, may get the wrong total amount

Collateral tokens that cannot be automatically swapped to the PnL token, cannot have slippage applied to them

Virtual impacts can be trivially bypassed via structuring

Fee receiver does not get paid when collateral is enough to cover the funding fee, during liquidation

Market orders lose submitted prices if markets are temporarily disabled

Missing checks for whether Arbitrum Sequencer is active

Oracles are vulnerable to cross-chain replay attacks

Missing checks for whether a position is still an ADL candidate

PnL is incorrectly counted as collateral when determining whether to close positions automatically

Trades in blocks where the bid or ask drops to zero will be priced using the previous block's price

Positions cannot be liquidated once the oracle prices are zero

Position fees are still assessed even if the ability to decrease positions is disabled

Global position-fee-related state not updated until _after_ liquidation checks are done

Slippage is not respected if PnL swap associated with a decrease order fails

Limit orders are unnecessarily delayed by a block

Malicious order keepers can trigger the cancellation of any order, with old blocks

Single-sided deposits that are auto-adjusted may have their collateral value cut in half

Orders with single-sided deposits that are auto-adjusted, always revert

Orders with single-sided deposits that are auto-adjusted, always revert part 2

When underlying collateral tokens are paused, orders can't be canceled

Positions can still be liquidated even if orders to prevent it can't execute

Insufficient funding fee rounding protection

Unnecessary loss of precision

Gas spikes after outages may prevent order execution

Insufficient oracle validation

`EmptyFeedPrice` will cause orders to be canceled

Delayed orders won't use correct prices

Negative prices will cause old orders to be canceled

Liquidation shouldn't be used to close positions that were fully-collateralized prior to collateral requirement changes

A single precision value may not work for both the min and max prices

Order creation does not ensure the market is enabled

Protocol fees can be withdrawn multiple times in `Erc20Quest`

DOS risk if enough tokens are minted in Quest.claim can lead, at least, to transaction fee lost

[WP-H1] Wrong timing of check allows users to withdraw collateral without paying for the debt

The `pay()` function can still be DOSed

Blocklisted addresses can be used to trigger defaults

Loans can be rolled an unlimited number of times

BNB collateral will be locked in the contract

DAI/gOHM exchange rate may be stale

Dust amounts can cause payments to fail, leading to default

The Notional version of `lend()` can be used to lock iPTs

Illuminate's PT doesn't respect users' slippage specifications for underlyings

Protocol fees not taken on premium

SmartAccount.sol is intended to be upgradable but inherits from contracts that contain storage and no gaps

Inflation of ggAVAX share price by first depositor

Hijacking of node operators minipool causes loss of staked funds

Users may not be able to redeem their shares due to underflow

wrong reward distribution between early and late depositors because of the late syncRewards() call in the cycle, syncReward() logic should be executed in each withdraw or deposits (without reverting)

Anyone can prevent themselves from being liquidated as long as they hold one of the supported NFTs

During oracle outages or feeder outages/disagreement, the `ParaSpaceFallbackOracle` is not used

Interactions with AMMs do not use deadlines for operations

Centralization risk: admin can with rug the project by removing asset and price manipulation on oracle.

address.call{value:x}() should be used instead of payable.transfer()

Illuminate PTs can be used to mint other Illuminate PTs

APWine PT redemptions can be blocked forever

Illuminate redemptions don't account for protocol pauses/temporary blocklistings

Illuminate's PT doesn't respect users' slippage specifications

Sense PTs can never be redeemed

Users can mint free Illuminate PTs if underlying decimals don't match external PTs

`IAPWineRouter` can be used to lock all protocol fees

ERC777 transfer hooks can be used to bypass fees for markets that support Swivel

The Pendle version of `lend()` uses the wrong function for swapping fee-on-transfer tokens

Notional PT redemptions do not use flash-resistant prices

Sense PT redemptions do not allow for known loss scenarios

Fee-on-transfer underlyings can be used to mint Illuminate PTs without fees

Wrong Illuminate PT allowance checks lead to loss of principal

Holders of worthless external PTs can stick other Illuminate PT holders with bad debts

Tempus lending only works with unlimited slippage

There can only ever be one market with USDT as the underlying

`Vault` early user attack prevention can be circumvented

Funds may become locked if a plugin is blocklisted, or LINK is paused

Centralization risk: admin have privileges: admin can set address to mint any amount of frxETH, can set any address as validator, and change important state in frxETHMinter and withdraw fund from frcETHMinter

frxETHMinter: Non-conforming ERC20 tokens not recoverable

Variable balance token causing fund lock and loss

The reveal process could brick if `randProvider` stops working

Possible centralization issue around RandProvider

Token amounts over `type(uint128).max` are lost forever

No support for fee-on-transfer tokens

`payable().transfer()` is used to transfer Eth

Signature malleability not protected against

Nonces not used in signed data

Cross-chain replay attacks are possible with `changeRecipientAddress()`

NFTs may be lost due to non-safe transfers

Prices using wrong decimals returned for some Chainlink oracles

First depositor can break minting of LPToken shares

Balances of rebasing tokens aren't properly tracked

Prices for ERC4626 tokens are not flash-loan-resistant

"TWAP" used is an observation-weighted-average-price, not a time-weighted one

No Cap on Amount of VOTES means the `voter_admin` can get any proposal to pass

[NAZ-M1] Chainlink's `latestRoundData` Might Return Stale Results

FraxlendPair#setTimeLock: Allows the owner to reset TIME_LOCK_ADDRESS

Fraxlend pair deployment can be front-run by a custom pair deployment

NFT of NFT collection or NFT drop collection can be locked when calling _mint or mintCountTo function to mint it to a contract that does not support ERC721 protocol

transfer() depends on gas consts

Use of `payable.transfer()` may lock user funds

ORACLE DATA FEED CAN BE OUTDATED YET USED ANYWAYS WHICH WILL IMPACT ON PAYMENT LOGIC

Juicebox project owner can create a honeypot to cause grief

Lack of check on `mustStartAtOrAfter`

Use a safe transfer helper library for ERC20 transfers

Code credits fee-on-transfer tokens for amount stated, not amount transferred

processFees() may fail due to exceed gas limit

An attacker can create a short put option order on an NFT that does not support ERC721(like cryptopunk), and the user can fulfill the order, but cannot exercise the option

Put option sellers can prevent exercise by specifying zero amounts, or non-existant tokens

`fillOrder()` and `exercise()` may lock Ether sent to the contract, forever

Unbounded loops may cause `exercise()`s and `withdraw()`s to fail

Options with a small strike price will round down to 0 and can prevent assets to be withdrawn

Putty position tokens may be minted to non ERC721 receivers

`Twav.sol#_getTwav()` will revert when timestamp > 4294967296

Removal of liquidity from the reserve can be griefed

Withdrawals initiated after cycle withdrawal request won't be withdrawn in the correct cycle

Lender: no check for paused market on mint

`_harvest` has no slippage protection when swapping `auraBAL` for `AURA`

`NestedFactory` does not track operators properly

Accumulated ETH fees of InfinityExchange cannot be retrieved

There are multiple ways for admins/governance to rug users

Admin Privilege in minting to arbitrary address allows operator to dilute tokens

`VE3DRewardPool` and `VE3DLocker` adds to an unbounded array which may potentially lock all rewards in the contract

Missing sane bounds on asset weights

Users can get unlimited votes

Voting tokens may be lost when given to non-EOA accounts

Bribe.sol is not meant to handle fee-on-transfer tokens

RubiconRouter _swap does not pass whole amount to RubiconMarket

RubiconRouter: Offers created through offerWithETH() can be cancelled by anyone

RubiconRouter.swapEntireBalance() doesn't handle the slippage check properly

USDT is not supported because of approval mechanism

Inconsistent Order Book Accounting When Working With Transfer-On-Fee or Deflationary Tokens

RubiconRouter: Excess ether did not return to the user

Admin rug vectors

Use `safeTransfer()`/`safeTransferFrom()` instead of `transfer()`/`transferFrom()`

RubiconRouter maxSellAllAmount does not trasnfer user's fund into its address, causing calls to always revert

Wrong DOMAIN_SEPARATOR

Use `call()` instead of `transfer()` when transferring ETH in RubiconRouter

hard-coded slippage may freeze user funds during market turbulence

The check for value transfer success is made after the return statement in _withdrawFromYieldPool of LidoVault

`processYield()` and `distributeYield()` may run out of gas and revert due to long list of extra rewards/yields

Users may lose rewards to other users if rewards are given as fee-on-transfer tokens

`AuraBalRewardPool` charges a penalty to all users in the pool if the `AuraLocker` has been shut down

Users can grief reward distribution

[WP-H0] Fake balances can be created for not-yet-existing ERC20 tokens, which allows attackers to set traps to steal funds from future users

Owner can modify the feeRate on existing vaults and steal the strike value on exercise

Owner can set the feeRate to be greater than 100% and cause all future calls to `exercise` to revert

Vaults steal rebasing tokens' rewards

Vault is Not Compatible with Fee Tokens and Vaults with Such Tokens Could Be Exploited

User's may accidentally overpay in `buyOption()` and the excess will be paid to the vault creator

MerkleVesting withdrawal does not verify that tokens were transferred successfully

SpeedBumpPriceGate: Excess ether did not return to the user

Rebasing tokens go to the pool owner, or remain locked in the various contracts

Unbounded loop in `withdraw()` may cause rewards to be locked in the contract

Pool owners can prevent the payment of taxes

Pool owners can prevent withdrawals of specific receipts

Merkle-tree-related contracts vulnerable to cross-chain-replay attacks

amount requires to be updated to contract balance increase (1)

ERC20 tokens with different decimals than 18 leads to loss of funds

Owner of a pool may prevent any taxes being withdrawn

Chainlink pricer is using a deprecated API

Use of `.send()` May Revert if The Recipient's Fallback Function Consumes More Than 2300 Gas

Critical variables shouldn't be changed after they are set

IERC20.transfer does not support all ERC20 token

Admin drains all ERC based user funds using withdrawERC20()

Validators can cause transactions where they are not the one being paid the fees, to revert

_depositAmount requires to be updated to contract balance increase

Yield source does not correctly calculate share conversions

Owner or Managers can rug Aave rewards

The return value `success` of the get function of the INFTOracle interface is not checked

Lender is able to seize the collateral by changing the loan parameters

Customers cannot be `topUp()`ed a second time

Chainlink's latestRoundData might return stale or incorrect results

Lack of `safeApprove(0)` prevents some registrations, and the changing of stakers and LP tokens

`call()` should be used instead of `transfer()` on an `address payable`

`FlywheelCore.setBooster()` can be used to steal unclaimed rewards

Chainlink's latestRoundData might return stale or incorrect results

Inactive skipped assets can be drained from the index

Index managers can rug user funds

Funding.deposit() doesn't work if there is no discount set

Stale price used when `citadelPriceFlag` is cleared

Not calling `approve(0)` before setting a new approval causes the call to revert when used with Tether (USDT)

Can force borrower to pay huge interest

Protocol doesn't handle fee on transfer tokens

Div by 0

Past state query results are susceptible to manipulation due to multiple states with same block number

Users with large `cooldown`s can grief other users

Withdrawal delay can be circumvented

QTokens with the same symbol will lead to mistakes

Owners have absolute control over protocol

Incompatibility With Rebasing/Deflationary/Inflationary token

[WP-H1] Wrong timing of check allows users to withdraw collateral without paying for the debt

The `pay()` function can still be DOSed

Creators can steal sale revenue from owners' sales

Exchange does not split royalty revenue correctly

Not compatible with Rebasing/Deflationary/Inflationary tokens

Schain owners can rug pull users' funds

TokenManagerERC20.sol uses transferFrom() instead of safeTransferFrom()

SafeERC20.sol is imported but not used in the transferBribes() function

[WP-H0] `DEFAULT_ADMIN_ROLE` of `BribeVault` can steal tokens from users' wallets

`NestedFactory` does not track operators properly

Reentrancy allows commenter to overwrite own comments

Funding.deposit() doesn't work if there is no discount set

Stale price used when `citadelPriceFlag` is cleared

USDMPegRecovery Risk of fund locked, due to discrepancy between curveLP token value against internal contract math

Fee-on-transfer token donations in `Shelter` break withdrawals

[ConcurRewardPool] Possible reentrancy when claiming rewards