Uninitialized Fee Recipient Address Causes Permanent Loss of Protocol Fees

Flawed Liquidation Threshold Calculation Allows Underwater Positions to Avoid Liquidation, Leading to Protocol Bad Debt

Functions that rely on chainlink prices cannot be queried on avalanche due to sequencer uptime check.

Cancelling a Flow after a Position Is Created Might Result in Inflation/Deflation of Shares

Remove splitter will always revert if there are some rewards left on splitter contract

Removed vaults still remain valid in `OperatorVCS`

[WithdrawalPool.sol] Prevent efficient return of data in getBatchIds() by blocking updateWithdrawalBatchIdCutoff() update of newWithdrawalIdCutoff

Principal amount of removed operator get's stuck in Chainlink's Staking Contract forever

No way to update unbonding and claim periods

The total amount to be distributed can be manipulated

Attacker Can Reset the Unbonding Period for Vaults in `globalState.curUnbondedVaultGroup`, Preventing User Withdrawals

Incorrect `nextGroupTotalUnbonded` Calculation in `FundFlowController::_getVaultUpdateData` Includes Non-grouped Vaults, Leading to Potential Withdrawal and Deposit Errors

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

Taker of bid offer will loss assets without any benefit if he calls the DeliveryPlace::settleAskMaker() for partial settlement.

Formulaic Error Rounds Down Causing Total Loss Of Funds For Bid Takers During Abort

Malicious user can drain protocol by bypassing `ASK` offer abortion validation in `Turbo` mode

The `DeliveryPlace::settleAskTaker()` function mistakenly uses `makerInfo.tokenAddress` to update the `TokenBalanceType.PointToken` in the `userTokenBalanceMap` mapping, leading to a critical error.

Fund Withdrawal Flaw in preMarket Allows Users to Avoid Settlement Obligations

Unnecessary balance checks and precision issues in TokenManager::_transfer

`mulDiv()` can round down to 0 in realistic cases, allowing for tax avoidance

Inadequate Checking of `isIncreasing` when trader adjusts position size

`SettlementBranch._fillOrder` does not guarantee the collateral of a position is enough to pay the future liquidation fee.

Incorrect logic for checking isFillPriceValid

Market Disruption and Financial Loss Post-Liquidation

QA Report - 0xStalin - Low Severities

Attacker can abuse the system by modifying the collateral of pending orders

payable Modifier in TradingAccountBranch::createTradingAccountAndMulticall

When transfering the NFT associated to a TradingAccount, the old owner can grief the new owner by leaving an opened MarketOrder that will be executed even though the old owner is not the owner of the TradingAccount.

Users can be overcharged for orderFees

Loss of Funds to Protocol Due Incorrect Report of Repaid Borrowed Margin

Incorrect Margin Balance Update Leads to Loss of Funds

Sybil attacker to claim more reward fee

Insufficient input validation allows attacker to steal funds by increasing the value of their account

Accounting error due to Execution fee being charged to wrong vault

collateralUserCap is Broken Due Incorrect check

Use of outdated liability value in decreasePosition leads to account error

Looping over unbounded `pendingStakes` array can lead to permanent DoS and frozen funds

Incorrect calculation of amount of EURO to burn during liquidation

`costInEuros` calculation will incur precision loss due to division before multiplication