More than intended fund will be withdrawn from graduated markets due to wrongly update ````marketFunds```` while ````sellVotes()````

Incorrect address aliasing while deposit transacton by ````onApprove()````

Users can't withdraw funds and fees previously deposited for initializing Uniswap collection pool

````UniswapImplementation.beforeSwap()```` is vulnerable to price manipulation attack

````UniswapImplementation._unlockCallback()```` doesn't refund remaining fund

Admin can't remove any roles once they were set

Potential race conditions due to usage of ````sdk.Context```` in concurrent goroutines

The ````PortfolioVault```` could be drained

The keeper will suffer continuing losses due to miss compensation for L1 rollup fees

Missing compensation for the ````21,000```` intrinsic gas cost

A significant ````105,983```` gas cost of ````processExecutionFee()```` execution is not accounted in the keeper's compensation

Call of ````revokeAllRole()```` would fail silently

````depositReward()```` with zero amount to get reward tokens stuck in ````ZivoeRewards```` contracts

````_totalSupply```` and ````_totalSupplyCheckpoints```` are wrongly updated while ````revokeVestingSchedule()````

Users' votes are not correctly removed while ````revokeVestingSchedule()````

Users can't ````getRewards()```` if any one of reword tokens is paused

Potential damages due to incorrect implementation of the ````ZIP```` algorithm

Price manipulation by swapping any ````baseToken```` with itself

Orders on Optimism chains can not be settled due to revert of ````keep()````

All yield could be drained if users set any ````> 0```` allowance to others

Grief attack on ````Tranche.issue()```` to make users losing partial profit

Bypass vault's ````maxDeposit```` limit to mint extra share tokens and potentially gain huge risk free profit

Attack on ````FeeManager.trackVaultFee()```` to make the IG contract to be bricked

Execution of orders would revert unexpectedly while ````baseFee```` or ````pairBasedFee```` equals to ````MAX_FEE````

The algorithm used for accounting PnL is incorrect

````_globalPositions.marginDepositedTotal```` might be set to a extreme big number

Attackers can deposit nothing to win round

When borrowers repay USDS, it is sent to the wrong address, allowing anyone to burn Protocol Owned Liquidity and build bad debt for USDS

User can evade `liquidation` by depositing the minimum of tokens and gain time to not be liquidated

Unwhitelisting does not clear _arbitrageProfits, so re-whitelisting may result in an unfair distribution of liquidity rewards.

Whitelised accounts can be forcefully DoSed from buying curveTokens during the presale

Attack to make ````CurveSubject```` to be a ````HoneyPot````

Unauthorized Access to setCurves Function

Single token purchase restriction on curve creation enables sniping

onBalanceChange causes previously unclaimed rewards to be cleared

If a user sets their curve token symbol as the default one plus the next token counter instance it will render the whole default naming functionality obsolete

````VerbsToken.tokenURI()```` is vulnerable to JSON injection attacks

Since art pieces' size is not limited, attacker may block AuctionHouse from creating and settling auctions

Anyone can steal all distributed rewards

The founder would lose the first vesting NFT while ````reservedUntilTokenId >= 100````

All tokens can be stolen from `VirtualAccount` due to missing access modifier

Incorrect source address decoding in RootBridgeAgent and BranchBridgeAgent's _requiresEndpoint breaks LayerZero communication

The ````Anchor```` contract is broken entirely and any funds sent to it would be locked for ever

Wrongly updating ````voiceCreditsCastToRecipient```` in ````_qv_allocate()```` of ````QVBaseStrategy```` contract

````_registerRecipient()```` of ````RFPSimpleStrategy```` always reverts while ````useRegistryAnchor```` enabled

````_distribute()```` of ````RFPSimpleStrategy```` would revert with ````NOT_ENOUGH_FUNDS()```` even if their is enough ````poolAmount```` remaining

Signatures can be replayed in `castVoteWithReasonAndParamsBySig()` to use up more votes than a user intended

SecurityCouncilNomineeElectionGovernor might have to wait for more than 6 months to create election again

````Market```` can't get valid price while oracle's ````granularity > 1````

Keepers will suffer significant losses due to miss compensation for L1 rollup fees

A previously removed ````LMPVault```` can never been added to ````LMPVaultRegistry```` again

Removing more gauge weight than it should be while transfering ````ERC20Gauges```` token

Keepers can steal additional execution fee from users

Reward accounting is incorrect in BathBuddy contract

The ````_matcho()```` is not implemented properly

Zero reward rate calculation impedes low-decimals token distributions

Attack on rounding errors to get risk free profit

The formula used in ````SafeCall.callWithMinGas()```` is wrong

Users' fund might be locked due to improper implemention of ````deposit()```` function

Fund might be locked due to improper implemention of ````triggerEndEpoch()```` function

A malicious admin can steal all users collateral

Protocol fee is overcharged

The ````exchangeRate()```` of ````CompoundProvider.sol```` is not implemented properly

````userRewardDebts```` is wrongly updated while ```` _claimInternalRewards()```` and ````_claimExternalRewards()````

````cachedUserRewards```` has never been cleared

Flashloan attack to get lots of OHM at very low cost

Users may be unable to claim rewards due to removal of reward token

If the strategy incurs a loss the Active Pool will stop working until the shortfall is paid out entirely

The ````callbacks```` are exposed to ````returnbomb```` attack

Attack on ````ErrorUtils```` library

The oracle price could be tampered

Bypass the deposit lock time rule and take risk free premium

The ````accruePremiumAndExpireProtections()```` may be unavailable while there are many buys or under DoS attack

The ````New Protection Rule```` can be bypassed

DoS attack on unbound ````deposits```` array

Arithmetic overflow attack on ````_expiration```` parameter of ````fundBountyToken()````

Attack to block users from ````claimBounty()````

Lost Rewards in MultiRewardStaking Upon Third-Party Withdraw

Staking rewards can be drained

The calculation of ````takeFees```` in ````Vault```` contract is incorrect

`PaprController` pays swap fee in `buyAndReduceDebt`, not user

Reentrancy in buy function for ERC777 tokens allows buying funds with considerable discount

First depositor can break minting of shares

Bypass the maximum PnL check to take extra profit

Incorrect calculation of new price while adding position

reentrancy attack during mint() function in Position contract which can lead to removing of the other user's limit orders or stealing contract funds because initId is set low value

Not enough margin pulled or burned from user when adding to a position

Bypass the delay security check to win risk free funds

Trading will not work on ethereum if USDT is used

`executeLimitOrder()` modifies open-interest with a wrong position value

Governance NFT holder, whose NFT was minted before `Trading._handleOpenFees` function is called, can lose deserved rewards after `Trading._handleOpenFees` function is called

The recipient receives free collateral token if an ERC20 token that deducts a fee on transfer used as baseToken

ETH will get stuck if all NFTs do not get sold.

Sale contracts can be bricked if any other minter mints a token with an id that overlaps the sale

The ````Stream```` contract is designed to receive ETH but not implement function for withdrawal

Anyone can steal CryptoPunk during the deposit flow to WPunkGateway

Centralization risk: admin can with rug the project by removing asset and price manipulation on oracle.

MintableIncentivizedERC721 and NToken do not comply with ERC721, breaking composability

Attack with any USDC blacklisted account

The 'withdraws' queue is susceptible to DDoS attack

Miss to pop cleared 'userDepositsIndex' items

The calculation of ````totalUSDborrowed```` in ````openLoan()```` is not correct

The ````virtualPrice```` is counted less than expected

The 'redeem' related functions are likely to be blocked

Underlying assets stealing in `AutoPxGmx` and `AutoPxGlp` via share price manipulation

Price manipulation attack on 'resolveQueuedTrades()' of BufferRouter.sol

The '_openQueuedTrade()' function is susceptible to reentrancy attack

The 'initiateTrade()' function would not work for fee-on-transfer token

[M-01] Bull can gain trading edge by dramatically increasing transaction cost for settlement

[H-01] Bull can replay a settled contract

Direct theft of buyers ETH funds.

The '_executeNonAtomicOrders' function in SeaportProxy.sol may fail unexpectedly

Attacker can steal any funds in the contract by state confusion (no preconditions)

Incompatibility with fee-on-transfer/inflationary/deflationary/rebasing tokens, on both base tokens and quote tokens, with varying impacts

The lender can draw out extra credit token from borrower's account

address.call{value:x}() should be used instead of payable.transfer()

Pledge may be out of reward due to the decay in veCRV balance. targetVotes is never reached.

Wrong implementation of function `LBPair.setFeeParameter` can break the funcionality of LBPair and make user's tokens locked

Flashloan fee collection mechanism can be easily manipulated