claimRefund() can be frontruned, allowing an attacker to steal the tokens if it is called by a bot.

GatewayTransferNative.sol :: withdrawToNativeChain() if the native token is used to perform a swap during the cross-chain withdrawal, the transaction will always revert.

GatewayTransferNative.sol :: withdrawToNativeChain() if the input token is the native token (ZETA), users will avoid paying fees.

GatewaySend.sol :: onRevert() if a native token is used and the cross-chain transaction reverts, the tokens will be permanently locked in the contract.

Attackers can maliciously inflate total_supply temporarily to exceed utilization rate limit and push the pool towards 100% util rate, potentially causing a loss of lender funds

VirtualGenesisDAO.sol :: earlyExecute() proposals can be executed two times.

Genesis.sol :: onGenesisSuccess() users may lose their unclaimed agentTokens if a second launch occurs before they’ve claimed their rewards from the first

Launch.sol :: updateParticipation() uses `refundCurrencyAmount` instead of `request.tokenAmount` to update the user's position, leading to incorrect accounting.

The calculation of `totalAssets()` could be wrong if `operatorFeeAmount` > 0, this can cause potential loss for the new depositors

Owner fee will be locked in `UpliftOnlyExample` contract due to incorrect recipient address in `UpliftOnlyExample::onAfterSwap`

“Uplift Fee” Incorrectly Falls Back to Minimum Fee Due to Integer Division

Missing slippage protection in `AerodromeDexter.sol` `swapExactTokensForTokens()`

Creator of one vesting plan can affect vesting plans created by other users.

Incorrect listing type validation bypasses enforcement of minimum purchase amount

Incorrect listing type validation bypasses enforcement of minimum purchase amount

Malicious users can drain funds

Malicious users can steal funds from contracts

Order performers can drain funds from contracts

Malicious users can steal other users' funds via approval.

Cancel order can be dos in OracleLess

Missing lastEventTime update in liquidate()

Incorrect liqIndex in sendForLiquidation function

Option expiry time does not work

odosAssembledData can be manipulated

Borrowers can earn more profit via manipulating the strikePrice

downsideProtected does not work for borrowers

Abond holders can lose their liquidation gain

Missing totalAvailableLiquidationAmount update when cds owner withdraw.

Lack of access control for function updateDownsideProtected()

USDT token can be drain via manipulating the usdt/usda price

cds owners can withdraw more than expected via manipulating excessProfitCumulativeValue

Lack of lastEthPrice sync between different chains

Missing usdaCollectedFromCdsWithdraw update in withdrawUserWhoNotOptedForLiq

Incorrect usdaToTransfer calculation when cds owners withdraw

Incorrect deducted cds deposit amount in withdrawUser

Liquidated position by liquidation type 2 can be withdrawn

Some liquidated collateral will be locked

Possible failure to sync global data

Borrowers can manipulate volatility to pay less option fees

Borrowers will get more normalizedAmount than expected.

Lack of Ether refund to users

Borrowers can pay less borrow interest because of `lastEventTime` early update in _withdraw

Liquidation may be reverted when LTV is high

Missing lastEthprice update in depositTokens

Incorrect totalVolumeOfBorrowersAmountinWei update in withdraw()

Lack of transfer Ether from the treasury to borrowLiquidation

Non-functional wrapper in BorrowLiquidation

Incorrect margin calculation in liquidationType2

Incorrect short position sizeDelta calculation

sUSD will be locked in the borrowLiquidation

One part of protocol profit will be locked in the treasury

cds owners may fail to withdraw

Lack of access control for executeSetterFunction function.

Missing cds deposit amount in swapCollateralForUSDT

AutomationMaster.sol :: generateOrderId() can produce the same orderId for different orders.

OracleLess.sol :: cancelOrder() users can steal funds from the contract by first canceling an order and then modifying it.

Minting zero tokens when underlyingToken is not Ether in cashIn()

Minting zero tokens when underlyingToken is not Ether in cashIn()

Since the cost of launching a new pool is minimal, an attacker can maliciously consume VirtualTokens.

Reward Redistribution for Previous Vouchers on Vouch Increase

FluidLocker.sol :: _getUnlockingPercentage() always returns the same percentage, regardless of the unlockPeriod, causing users with longer unlock periods to pay the same amount of taxes as those with shorter periods.

Auction can not work well with TaxTokensReceipt because of TaxTokensReceipt's transfer limitation

BuyOrder can not work well with TaxTokensReceipt

wantedToken NFT will be locked in buyOrder

Incentivized token may be locked in the DebitaIncentive contract

Lenders or borrowers may lose their expected bribe rewards

Lend offer can be deleted multiple times

Lend offer can be deleted multiple times

Borrowers need to pay more interest than expected because of precision loss

Lenders may lose some interest when borrowers extend their loan.

Borrowers may fail to extend their loan in some cases.

Incorrect feeOfMaxDeadline calculation in extendLoan

Borrowers may fail to extend loans because of the incorrect minFEE

Lenders or borrowers may fail to claim collateral after the auction is finished

buyOrder can be deleted twice

NativeMetaTransaction.sol :: executeMetaTransaction() failed txs are open to replay attacks.

Lack of update rewards in removeOriginalAllocation

Incorrect withdraw fee calculation in withdraw

Compromised address can still invite users and do some key operations

EthosAttestation.sol :: archiveAttestation()/restoreAttestation() deleted addresses from the profile can still archive and restore attestations.

Wrong handling of call data check indices, forcing it sometimes to revert

Improper liquidity calculation in V3AMO's _addLiquidity()

Improper price check can cause _unfarmBuyBurn dos

Not compatible getReward with Aerodrome

Improper calculation order cause the serious precision loss

Approval operation will be reverted if usd token is USDT in Ethereum

The fee for the protocol in the function RamsesV3Pool::flash() if not calculated correctly

clawback() cannot be called, preventing the owner from withdrawing the funds from the contract.

ManagedBudget.sol :: allocate() will always revert when using Fee-on-Transfer (FoT) tokens.

Lack of delete `_listings[_collection][_tokenId]` in reserve

Incorrect index return in _createCheckpoint

Users may lose their ERC721 token if they unlockProtectedListing token with _withdraw = false

users can sandwich rewards because of unused donateThresholdMax

The initial liquidity provider will lose their position

Incorrect compound factor calculation

Missing update `_isLiquidation` in relist

The liquidation list owner may receive some tax refund

Borrowers can avoid paying borrowing interest via adjustPosition

Users' voting token in CollectionShutdown will be locked when we cancel this shutdown flow

Refund does not work in initializeCollection

Fail to start one shut down flow if the collection was shut down before.

Traders may decrease their trading loss via mint/burn

Penalized funding received token will be locked in the contract

Malicious actors can manipulate the `cross_chain_callback` callback

Anyone can manipulate user nonce (nonce_manager) in settlement contract

SettlementSignatureVerifier is missing check for duplicate validator signatures

In Starknet already processed messages can be re-submitted and by anyone

handler's `receive_cross_chain_callback()` will always set the tx_status to `SETTLED` on source chain & burn the tokens (MintBurn Mode) even when the msg fails on destination

SettlementSignatureVerifier's required_validators is not updated, resulting in a low or high number of signatures being required

Refunds sent to incorrect addresses in certain cases

WinnablesTicketManager.sol :: withdrawETH() if a raffle is canceled and refundPlayers() is called, not all the funds from the next ticket sales can be withdrawn, resulting in some of the funds being permanently stuck in the contract.

WinnablesPrizeManager.sol :: withdrawToken() if the raffle token is LINK, it can be stolen, resulting in the winner receiving nothing and the admin collecting the profits from ticket sales without any cost.

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

TokenManager - Unlimited withdraw

Native token withdrawal fails until manually approved

[Low-01] Missing Access Control in `CapitalPool::approve()` Function Allows any User to call it to set Allowance Amount `TokenContract` to `type(uint256).max`.

`mintToken()`, `mintWithBudget()`, and `forge()` in the `TraitForgeNft` Contract Will Fail Due to a Wrong Modifier Used in `EntropyGenerator.initializeAlphaIndices()`

The maximum number of generations is infinite

Incorrect Percentage Calculation in NukeFund and EntityForging when `taxCut` is Changed from Default Value

Wrong minting logic based on total token count across generations

Single plot can be occupied by multiple renters

LenderCommitmentGroup_Smart :: burnSharesToWithdrawEarnings() If a malicious lender burns their shares sequentially in small amounts can extract extra rewards at the expense of other lenders.

LibUnripeConvert.sol :: getBeanAmountOut() incorrectly calculates the amount of BEAN.

V3Oracle susceptible to price manipulation

Any fee claim lesser than the total `yieldFeeBalance` as unit of shares is lost and locked in the `PrizeVault` contract

Holders array can be manipulated by transferring or burning with amount 0, stealing rewards or bricking certain functions

DoS in `MergingPool::claimRewards` function and potential DoS in `RankedBattle::claimNRN` function if called after a significant amount of rounds passed.

The `editPool()` lacks a sanity check on the `payoutStart` parameter leading to incorrect or unfair reward distributions

StakingRewardsManager.sol :: topUp() The tokens to fund the staking contracts are sended to an incorrect contracts.

CouncilMember.sol :: Burning a NFT impossibilities minting new NFTs (DOS).

TrufVesting.sol :: claim() In the initialReleasePeriod an attacker can steal all the funds from the contract.

Auction payout goes to AuctionDemo contract owner, not the token owner

Wrong comment DecentralizedStableCoin.sol