Attacker Can Disrupt Reward Periods to Reduce Legitimate Users' Rewards

Improper Transfer Restrictions on Non-Bridged Tokens Due to Boolean Bridged Token Tracking, Allowing a DoS Attack Vector

Incorrect Token Allocation in `updateParticipation`

Incorrect Token Limits Checks in `updateParticipation` Allows Excess Tokens and, Disallow Legit Participation Update

Cross-Chain Signature Replay Attack Due to User-Supplied `domainSeparator` and Missing Deadline Check

Inclusion of fees in `marketFunds` leads to insolvent market operations

User is Unable to Reclaim Vote After Collection Shutdown is Canceled

Due to the use of `msg.value` in for loop, anyone can drain all the funds from the `THORChain_Router` contract

Incorrect Handling of Last Nominee Removal in `removeNominee` Function

Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens

Invalid validation allows users to unlock early

Players can gain more NFTs benefiting from that past remainder in subsequent locks

Design flaw and mismanagement in vault licensing leads to double counting in collateral ratios and positions collateralized entirely with kerosine

Users can get their Kerosene stuck until TVL becomes greater than Dyad's supply

User can get their Kerosene stuck because of an invalid check on withdraw

Unable to withdraw Kerosene from `vaultmanagerv2::withdraw` as it expects a `vault.oracle()` method which is missing in Kerosene vaults

Attacker Can Frontruns User's Withdrawals To Make Them Reverts Without Costs

Inadequate Handling of BUIDL Redemption Limit in OUSG Instant Manager

The `BURNER` cannot burn tokens from accounts not KYC verified due to the check in `_beforeTokenTransfer`.

Pool Creation Failure Due to WETH Transfer Compatibility Issue on Some Chains

Incorrect __Essential_init() function is used in TaikoToken making snapshooter devoid of calling snapshot()

V3Vault is not ERC-4626 compliant

PrincipalToken is not ERC-5095 compliant

`LiquidInfrastructureERC20.sol` disapproved holders keep part of the supply, diluting approved holders revenue.

Distribution can be bricked, and double claims by a few holders are possible when owner calls `LiquidInfrastructureERC20::setDistributableERC20s`

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

Adversary can prevent updating price feed addresses by creating poisonous proposals ending in `_confirm`

Soft Restricted Staker Role can withdraw stUSDe for USDe

``FULL_RESTRICTED`` Stakers can bypass restriction through approvals

All tokens can be stolen from `VirtualAccount` due to missing access modifier

Incorrect source address decoding in RootBridgeAgent and BranchBridgeAgent's _requiresEndpoint breaks LayerZero communication

Message channels can be blocked resulting in DoS

V3Proxy swapTokensForExactETH does not send back to the caller the unused input tokens

Token guardian protection doesn't account for approved operators in `approve()`

Tapioca Bar: Unusable Market Add Functions in Penrose Contract

Users can create extra ENS records at no cost

transfer() depends on gas consts

Use of `payable.transfer()` may lock user funds

Use a safe transfer helper library for ERC20 transfers