Unauthorized Access to setCurves Function

Pre-defined limit is different from the spec.

CHALLENGER_REWARD can be used to drain reserves and free mint

Can't pause or remove a minter

RubiconMarket batchOffer and batchRequote make offers as self; complete loss of funds for some types of tokens, for example WETH

Reward accounting is incorrect in BathBuddy contract

Staking, unstaking and rebalanceToWeight can be sandwiched (Mainly rETH deposit )

DoS due to external call failure

Underflow of `lpPosition.points` during withdrawLP causes huge reward minting

vault.changeAdapter can be misused to drain fees

Anyone can reset fees to 0 value when Vault is deployed

Improper validations in Clearinghouse. possible to lock collateral NFT in contract.

Arbitrary transactions possible due to insufficient signature validation

Attacker can gain control of counterfactual wallet

Hijacking of node operators minipool causes loss of staked funds