No slippage protection for Market functions

The price of rsEHT could be manipulated by the first staker

Single host can unfairly skip veto period for proposal that does not have full host support

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

Auction winner can prevent payments via `safeTransferFrom` callback

users still forced to follow previously set cooldownDuration even when cooldown is off (set to zero) before unstaking

Malicious users can front-run to cause a denial of service (DoS) for StakedUSDe due to MinShares checks

`create2WithStoredInitCode()` does not revert if contract deployment failed

First depositor can break minting of liquidity shares in GeVault

Tokens can be stolen from other users who have approved Magnetar

Potential 99.5% loss in `emergencyWithdraw()` of two Yieldbox strategies

token mights stuck in MagnetarMarketModule contract if the asset doesn't support cross-chain operation

`MagnetarV2#burst` double counts `msg.value` for `TOFT_WRAP` operation, making the transaction revert unless the user overpays

`StargateStrategy#_withdraw`: ether becomes trapped in the contract whenever a user withdraws

`StargateStrategy#_currentBalance` calculation is incorrect and may lead to DoS

all deposit and withdraw function in Convex and Curve nativeLP Strategy, apply slippage on internal pricing; which call real-time on chain price from Curve directly and subject to MEV

Some actions inside MagnetarV2.burst will not work because msg.value is used inside delegate call

Potential loss of value in YieldBox's `depositETHAsset()`

[HB09] `emergencyWithdraw` on all strategy contracts useless without a pause mechanism

It is not possible to execute actions that require ETH (or other protocol token)

Chainlink's `latestRoundData` may return stale or incorrect result

[M-01] Some functions in Talos contracts does not allow user to supply slippage and deadline, which may cause swap revert

RestakeToken function is not permissionless

Lack of slippage protection can lead to significant loss of user funds

Protocol fees can become trapped indefinitely inside Talos vault contracts

Chainlink's `latestRoundData` may return stale or incorrect result

Chainlink aggregators return the incorrect price if it drops below `minAnswer`

Missing check if Chainlink sequencer is down

Missing deadline checks allow pending transactions to be maliciously executed

Incorrect initialization of `ethOracle`

Anyone can arbitrarily inflate the USSD `totalSupply` and cause DoS

Chainlink's latestRoundData return stale or incorrect result

Oracles will return the wrong price for asset if underlying aggregator hits minAnswer

Use of deprecated Chainlink functions

Risk of silent overflow in reserves update

Calling `Position._marketBuy` and `Position._marketSell` functions that calculate `_fee` by dividing by `10000` can cause incorrect calculations

Updating a pool's total points doesn't affect existing stake positions for rewards calculation

Use OpenZeppelin's `SafeERC20` library for ERC20 token transfers

Protocol safeguards for time durations are skewed by a factor of 7. Protocol may potentially lock NFT for period of 7 years.

GovNFT: maxBridge has no effect

Centralization risks: owner can freeze withdraws and use timelock to steal all funds

Manager can get around min reserves check, draining all funds from Collateral.sol

`LPDA` price can underflow the price due to bad settings and potentially brick the contract

ETH will get stuck if all NFTs do not get sold.