payWithERC20 would be used to drain contracts token approvals

A single validators can reach consensus on `postBatch` by duplicating votes

feeTransfer failing for any receiver would DoS `postResult` allowing the `requestor` to reclaim all fees through refund for request which has been served.

ZENO Token Redemption Returns Negligible USDC Amount Compared to Purchase Price

Incorrect decimal handling in `Auction::buy()` leads to massive overpayment for ZENO tokens

RAACNFT mint function receives funds to address(this) but has no way of withdrawing them

`BaseGauge` users can claim rewards without staking

Gauge period cannot be updated

Wrong use of the `GaugeController::typeWeights` multiplier in `GaugeController::_calculateReward` causes a reduction in gauge rewards instead

`GaugeController` does not send funds to FeeCollector disrupting fees distribution and causing loss of funds

Multiple issues from unnecessary balance increase calculation in DebtToken.mint

Double Usage Index Scaling in StabilityPool Liquidation Inflates Required CRVUSD Balance

Ownership Parameter Mismatch in LendingPool’s Vault Withdrawal Logic

Treasury Balance Tracking Bypass in FeeCollector

Gauge rewards are not transferred to gauge when distributeRewards() is called

Missing StabilityPool Integration in `mintRewards` Function

LendingPool deposits do not work with CurveVault due to lack of funds

Insufficient Balance Validation in BaseGauge Can Lead to Reward Insolvency

Token Accounting Mismatch Between tick() and mintRewards() in RAACMinter

Missing Controller Functions in GaugeController

Missing slippage protection in `AerodromeDexter.sol` `swapExactTokensForTokens()`

Since the cost of launching a new pool is minimal, an attacker can maliciously consume VirtualTokens.

Users can list assets with price < 1 ERC20 (ETH, WETH), leading to potential DoS vulnerability.

TokenManager - Unlimited withdraw

Pause and unpause functions are inaccessible

Insufficient checks to confirm the correct status of the sequencerUptimeFeed

incorrect price for negative ticks due to lack of rounding down

Liquidity manipulation is possible when trading

`_getReferencePoolPriceX96()` will show incorrect price for negative tick deltas in current implementation cause it doesn't round up for them

Any User can mint any amount of WStETH in the WStETHMock.sol and StETHMock.sol

Anyone can update the address of the Router in the DcntEth contract to any address they would like to set.

Unauthorized Access to setCurves Function

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

If a user sets their curve token symbol as the default one plus the next token counter instance it will render the whole default naming functionality obsolete

Missing deadline check allow pending transactions to be maliciously executed

No incentive to liquidate small positions could result in protocol going underwater

Lenders can escape the blacklisting of their accounts because they can move their MarketTokens to different accounts and gain the WithdrawOnly Role on any account they want

Borrower has no way to update `maxTotalSupply` of `market` or close market.

Borrower can drain all funds of a sanctioned lender

All tokens can be stolen from `VirtualAccount` due to missing access modifier

Incorrect flag results to _hasFallbackToggled always set to false on createMultipleSettlement.

Message channels can be blocked resulting in DoS

Missing adjustments on `allocator.voiceCredits` allows bypassing `maxVoiceCreditsPerAllocator`

Fee on Transfer tokens are incorrectly accounted in `_fundPool`

The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP

The peg stability module can be compromised by forcing lowerDepeg to revert.

`UniV3LiquidityAMO::recoverERC721` will cause `ERC721` tokens to be permanently locked in `rdpxV2Core`

If a winner is blacklisted on any of the tokens they can't receive their funds

Proposals which intend to send native tokens to target addresses can't be executed

missing check for the max/min price in the `chainlinkOracle.sol` contract

accrueInterest is expected to revert when the rate is higher than the maximum allowed rate, which is possible since the utilization can be more than 1

Constructor of `Escrow` should make sure that `buyer`, `seller`, `arbiter` are different from each other.

Reentrancy in `USDO.flashLoan()`, enabling an attacker to borrow unlimited USDO exceeding the max borrow limit

TOFT and USDO Modules Can Be Selfdestructed

all deposit and withdraw function in Convex and Curve nativeLP Strategy, apply slippage on internal pricing; which call real-time on chain price from Curve directly and subject to MEV

Cancelled order should not send tokens to recipient.

Removing a BribeFlywheel from a Gauge does not remove the reward asset from the rewards depo, making it impossible to add a new Flywheel with the same reward token

Missing unwrapping of native token in RootBridgeAgent.sweep() causes fees to be stuck

Multiple issues with decimal scaling will cause incorrect accounting of hTokens and underlying tokens

deposit gas through depositGasAnycallConfig should not withdraw the nativeToken

Missing check for stale/incorrect price from chainlink pricefeed.

No checks if Arbitrum sequencer is down in Chainlink feeds

WBTC uses wrong pricefeed

Missing access control on `mintRebalancer` and `burnRebalancer`

using spot price could lead to price manipulation.

Lack of slippage protection

Missing check for stale/incorrect price from chainlink pricefeed.

Position NFT can be spammed with insignificant positions by anyone until rewards DoS

function `restructureCapTable()` in Equity.sol not functioning as expected