Cross-Chain Signature Replay Attack Due to User-Supplied `domainSeparator` and Missing Deadline Check

ERC-20 Allowance Bypass: Spender Can Force Sender to Pay Extra Fees Beyond Approved Amount

The calculation of `totalAssets()` could be wrong if `operatorFeeAmount` > 0, this can cause potential loss for the new depositors

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

Faulty debt balance calculation prevents users from repaying their debt

Violators will continue to earn rewards on their outdated debt balance post liquidation

Debt shares are mistaken for debt assets during liquidations

Pending interest from pools not accounted for during vault operations

Interest rates are severely underestimated after every liquidation

Interest rates are overestimated after every repayment

Repayments via the `NFTPositionManager` will be blocked for reserves that have pending interest

Size uses wrong source to query available liquidity on Aave, resulting in borrow and lend operations being bricked upon mainnet deployment

Repayments and liquidations can be forced to revert by an attacker that repays miniscule amount of shares

Users' newly created positions can be prematurely closed and removed from the vault directly after they are created

Incorrect bad debt accounting can lead to a state where the `claimFeesBeneficial` function is permanently bricked and no new incentives can be distributed, potentially locking pending and future protocol fees in the `FeeManager` contract

Players have complete freedom to customize the fighter NFT when calling `redeemMintPass` and can redeem fighters of types Dendroid and with rare attributes

NFTs can be transferred even if StakeAtRisk remains, so the user's win cannot be recorded on the chain due to underflow, and can recover past losses that can't be recovered(steal protocol's token)

The userGaugeProfitIndex is not set correctly, allowing an attacker to receive rewards without waiting

Users staking via the `SurplusGuildMinter` can be immediately slashed when staking into a gauge that had previously incurred a loss

The creation of bad debt (`mark-down` of Credit) can force other loans in auction to also create bad debt

Over 90% of the Guild staked in a gauge can be unstaked, despite the gauge utilizing its full debt allocation

Incorrect calculations in debtCeiling

Malicious borrower can decrease Guild holders reward