An attacker can crash the cluster system by sending an HTTP request with a huge timeout

Message channels can be blocked resulting in DoS

If RootBridgeAgent.lzReceiveNonBlocking reverts internally, the native token sent by relayer to RootBridgeAgent is left in RootBridgeAgent

addGlobalToken() localAdress could be overwritten

Ability to steal user funds and increase collateral share infinitely in BigBang and Singularity

Incorrect solvency check because it multiplies collateralizationRate by share not amount when calculating liquidation threshold

Funds are locked because borrowFee is not correctly implemented in BigBang

[MC01] Market liquidations can revert due to arithmetic underflow

All liquidated collateral can be stolen from Singularity and Big Bang

Overpaying remaining gas to the user or failing anyExecute call due to incorrect gas unit calculation in BranchBridgeAgent

The difference between gasLeft and gasAfterTransfer is greater than TRANSFER_OVERHEAD causing `anyExecute` to fail always

MIN_FALLBACK_RESERVE (in BranchBridgeAgent) doesn't consider the actual gas consumption in AnyCall contracts which let the user underpay the actual cost when replenishing the execution budget

Cross-chain messaging via Anycall will fail

Unstaking `vMAIA` tokens on the first Tuesday of the month can be offset

The user is enforced to overpay for the fallback gas when `retryDeposit`

Replenishing gas is missing in `_payFallbackGas` of RootBridgeAgent

User can exponentially increase the value of their position through the memorializePositions function

The lender could possibly lose unclaimed rewards in case a bucket goes bankrupt

Incorrect calculation of the remaining updatedRewards leads to possible underflow error

PositionManager's moveLiquidity can freeze funds by removing destination index even when the move was partial

Transferring ERC20 tokens which return a bool value and don't revert on failure will cause loss of funds for the receiver

Use safemint instead of mint for ERC721 FootiumClub

PrivatePool owner can steal all ERC20 and NFT from user via arbitrary execution

The `royaltyRecipient` could not be prepare to receive ether, making the `sell` to fail

Loss of funds for traders due to accounting error in royalty calculations

`changeFeeQuote` will fail for low decimal ERC20 tokens

An attacker can manipulate the preDepositvePrice to steal from other users.

The NFT (collateral) could possibly get stuck in the protocol in some cases

User can lose up to whole stake on vault withdrawal when there are funds locked in the strategy

Denial of liquidations and Redemptions by borrowing all reserves from AAVE

accruePremiumAndExpireProtections is vulnerable to DDoS

Missing validation of snapshotId makes it possible for the investor to claim unlocked capitals from the same snapshot multiple times

Calculating the claimable amount across all locked capitals for a given seller and a lending pool returns only the amount of the last unlocked capital

LES (Light Ethereum Subprotocol) doesn't forward the transaction to the sequencer

Attacker can take loan for Victim

Wrong starting price when listing on Seaport for assets that has less than 18 decimals

Anyone can wipe complete state of any collateral at any point

Lack of StrategyDetailsParam.vault validation allows the borrower to steal all the funds from the vault

Improper validations in Clearinghouse. possible to lock collateral NFT in contract.

Arbitrary transactions possible due to insufficient signature validation

Replay attack (EIP712 signed transaction)

Destruction of the `SmartAccount` implementation

SmartAccount.sol is intended to be upgradable but inherits from contracts that contain storage and no gaps

[Medium-3] Non-compliance with EIP-4337

Collateral NFT deposited to a wrong address, when transferred directly to `PaprController`

Admin does not have to wait to call `lastResortTimelockOwnerClaimNFT()`

First depositor can break minting of shares

The recipient receives free collateral token if an ERC20 token that deducts a fee on transfer used as baseToken

Underlying assets stealing in `AutoPxGmx` and `AutoPxGlp` via share price manipulation

Reward tokens mismanagement can cause users losing rewards

Direct theft of buyers ETH funds.

Public to all funds escape

Borrower/Lender excessive ETH not refunded and permanently locked in protocol