`maxTokenAmountPerUser` limit can be bypassed when currency token has less decimals than the launch token.

Vaults weth reward is not distributed correctly

Unclaimed Rewards Loss Due to Missing Validation in `VaultRouterBranch.stake()`

Large redeems before fee claims reduce collectible fees

BalancerRouter.sol does not return excess user funds at certain conditions.

Anyone can steal USDT from the protocol using the redeemUSDT function.

_calculateMaxBorrowCollateral function will revert in extreme market conditions leading to liquidations.

V3AMO.sol will not work with some of the protocols it is aimed to integrate with.

The protocol is not compliant with ERC-1504

Wrong accounting in case of using stETH as RA due to 1-2 Wei loss per transfer.

Incorrect pointer set in the ```initialize()``` function leads to broken functionality of RedemptionVaultWithBUIDL.sol

The function ```disable_max_lock``` in VotingEscrow.sol doesn't handle the case when the nft being removed is the last item in the array.

Availability of deposit invariant can be bypassed

OpenRelay.sol does not account for the Layer1 gas fees used in the transaction while calculating the fee to be paid to the relayer.

Distribution can be bricked, and double claims by a few holders are possible when owner calls `LiquidInfrastructureERC20::setDistributableERC20s`

Wrong price feed contract address used in the constructor of the StableOracleWBTC.sol.