Launch.sol :: updateParticipation() uses `refundCurrencyAmount` instead of `request.tokenAmount` to update the user's position, leading to incorrect accounting.

AutomationMaster.sol :: generateOrderId() can produce the same orderId for different orders.

OracleLess.sol :: cancelOrder() users can steal funds from the contract by first canceling an order and then modifying it.

FluidLocker.sol :: _getUnlockingPercentage() always returns the same percentage, regardless of the unlockPeriod, causing users with longer unlock periods to pay the same amount of taxes as those with shorter periods.

EthosAttestation.sol :: archiveAttestation()/restoreAttestation() deleted addresses from the profile can still archive and restore attestations.

clawback() cannot be called, preventing the owner from withdrawing the funds from the contract.

ManagedBudget.sol :: allocate() will always revert when using Fee-on-Transfer (FoT) tokens.

WinnablesTicketManager.sol :: withdrawETH() if a raffle is canceled and refundPlayers() is called, not all the funds from the next ticket sales can be withdrawn, resulting in some of the funds being permanently stuck in the contract.

WinnablesPrizeManager.sol :: withdrawToken() if the raffle token is LINK, it can be stolen, resulting in the winner receiving nothing and the admin collecting the profits from ticket sales without any cost.

LenderCommitmentGroup_Smart :: burnSharesToWithdrawEarnings() If a malicious lender burns their shares sequentially in small amounts can extract extra rewards at the expense of other lenders.

StakingRewardsManager.sol :: topUp() The tokens to fund the staking contracts are sended to an incorrect contracts.

CouncilMember.sol :: Burning a NFT impossibilities minting new NFTs (DOS).

TrufVesting.sol :: claim() In the initialReleasePeriod an attacker can steal all the funds from the contract.