The `inflationMultiplier` of L1 bridge may not be the latest when depositing

`USSD.sol#mintRebalancer` has no access control

`USSD.sol#UniV3SwapInput` has no slippage protection

`StableOracleDAI.sol#ethOracle` is `0` address causing the `getPriceUSD` function unavailable

`StableOracleDAI.sol#getPriceUSD` price calculation error

`USSDRebalancer.sol#getOwnValuation` return the price of DAI while expected USSD

`USSDRebalancer.sol#SellUSSDBuyCollateral` the check of whether collateral is DAI is wrong

`USSDRebalancer.sol#BuyUSSDSellCollateral` has a loss of precision

chainlink `latestRoundData` is not fully checked

`USSDRebalancer.sol#BuyUSSSellCollateral` does not consider that the collateral is DAI, resulting in revert

`USSDRebalancer.sol#SellUSSDBuyCollateral` will not sell any collateral if the `collateralFactor` is too high

Exchange Rate can be manipulated

ShortFall contract might transfer incorrect amount of tokens to the highest bidder.

Borrower can cause a DoS by frontrunning a liquidation and repaying as low as 1 wei of the current debt

It's possible to borrow, redeem, transfer tokens and exit markets with outdated collateral prices and borrow interest

User can avoid bankrupting by calling PositionManager.moveLiquidity where to index is bankrupted index

`FootiumEscrow.sol#setApprovalForXXX` could be used to scam NFT traders

`FootiumEscrow.sol` contract `withdraw` and `transferXXX` function could be front-run to scam traders

`FootiumPriceDistributor.sol#claimERC20Price` function is not using `safeTransfer`

All spell's `closePositionFarm` function can be attacked by sandwich attack

`ChainlinkAdapterOracle.sol#getPrice` function does not check `sequencerUptimeFeed`

Previous audits issue #212 is not effectively fixed

`JUSDBank.sol#withdraw` can be exploited to bypass `maxColBorrowPerAccount`

`SwapperFactory.sol#isSwapper` function cannot verify the validity of swapper

`commitCollateral` can be called any number of times by anyone

`LenderCommitmentForwarder.sol#updateCommitment` function can change the lender to someone else

The calculation time methods of `calculateNextDueDate` and `_canLiquidateLoan` are inconsistent

[H-06] Double-entrypoint collateral token allows position owner to withdraw underlying collateral without repaying ZCHF

Can't pause or remove a minter

Challengers and bidders can collude together to restrict the minting of position owner

function `restructureCapTable()` in Equity.sol not functioning as expected

Incorrect protocol fee is taken when changing NFTs

Royalty recipients will not get fair share of royalties

Reward accounting is incorrect in BathBuddy contract

Fee inclusivity calculations are inaccurate in RubiconMarket

Zero reward rate calculation impedes low-decimals token distributions

Attack on rounding errors to get risk free profit

Incorrect calculations can occur when calling `Position._marketBuy` and `Position._marketSell` functions that do not include maker fee in `_fee`

Incorrect reward duration extension in notifyRewardAmount function

Users can fail to unstake and lose their deserved ETH because malfunctioning or untrusted derivative cannot be removed

Division before multiplication truncate minOut and incurs heavy precision loss and result in insufficient slippage protection

Users can end up buying and paying for a different Tray than the one they were trying to acquire

Bio Protocol - `tokenURI` JSON injection

`addBlackList` function can be frontrunned to transfer assets in advance

The late deposit in `Carousel` contract can be used to avoid deposit fee

Deposits that have already been mint in the `rolloverQueue` can still be delisted, resulting in the deposits of other users not being mint

Underflow of `lpPosition.points` during withdrawLP causes huge reward minting

Updating a pool's total points doesn't affect existing stake positions for rewards calculation

[High] `registerTrustedNode` should be controlled by `Governance` identity instead of `owner`