User can override the `deployWorkerAddr` and not submit a deployment proof

Incorrect Token Price Validation in KeeperProxy

Protocol Recovery Mechanism at Risk Due to Unhandled Token Transfer Failures

WSTETH is not supported by the protocol

User can always inflate the `totalSellReserveAmount` variable to block the auction from being ended

USDC blacklist may be a problem in Auction

Precision loss in `Pool::getRedeemAmount` will result in users redeeming less collateral than they should

User can cancel his order and then call modify order to get even more funds

User can brick the `Bracket` contract by inputing malicious `txData`

NFT buyer will never receive his receipt NFT after `buyOrder::sellNFT` function

Nobody can buy the `TaxTokenReceipt` NFT from auction

`BuyOrder` is not compliant with `TaxTokenReceipt`

Malicious seller of receipt token is able to control the corresponding veNFT after a sell

Subtraction in `variance()` will revert due to underflow

`hashProposal` is not compliant with EIP-712

Incorrect Fee Handling Prevents Protocol from Updating Fees

Availability of deposit invariant can be bypassed

AuraVault inherits AccessControl BUT does not call the _setupRole() function in it's constructor to set the initial roles, this leads to a complete DOS of the important claim function rendering the contract unable to claim rewards

Incorrect calculation of `newCumulativeIndex` in function `calcDecrease`

`PendleLPOracle::_fetchAndValidate` uses Chainlink's deprecated `answeredInRound`

Absence of deflationary rebasing tokens protection in `BaseRewarder`

Users won't liquidate positions because the logic used to calculate the liquidator's profit is incorrect

StakingToken.sol doesn't properly handle FOT, rebasing tokens or those with variable which will lead to accounting issues downstream.

Availability of deposit invariant can be bypassed

AuraVault inherits AccessControl BUT does not call the _setupRole() function in it's constructor to set the initial roles, this leads to a complete DOS of the important claim function rendering the contract unable to claim rewards

Incorrect calculation of `newCumulativeIndex` in function `calcDecrease`

`PendleLPOracle::_fetchAndValidate` uses Chainlink's deprecated `answeredInRound`

`executeWithdraw` may be blocked if any of the users are blacklisted from the `baseToken`

[M-1]

[H-2]

[H-3]

Owner of a position can prevent liquidation due to the 'onERC721Received' callback

Anyone can update the address of the Router in the DcntEth contract to any address they would like to set.