Arbitrary Parties Can Dilute the Staking Rewards Due to a Missing Access Control

The Imprecise Calculation of the Redeem Rate Results in the Final Amount Being Lower than the Actual Value

Missing slippage protection in `AerodromeDexter.sol` `swapExactTokensForTokens()`

Order ID Collision in `OracleLess.sol` Contract Due to Wrong Sender Address for the Order ID Generation

Minting zero tokens when underlyingToken is not Ether in cashIn()

Pause and unpause functions are inaccessible

Imprecise token age calculation results in an incorrect nuke factor, causing users to claim the wrong amount

Claimable gauge distributions are locked when `killGaugeTotally()` is called in the Voter

DOS Attack by Delegating Tokens at `MAX_DELEGATES = 1024`

The first liquidity provider of a stable pair can DOS the pool

Wrong collection referrer set in `_splitProtocolFee()` leads to wrong and unhandled token distribution

Less base tokens are transferred when selling quote tokens due to the precision loss that occurred in `_GeneralIntegrate()`

Precision loss in the calculation of the fee amounts and fee shares inside the `_preparePool` function of the MainHelper contract

Improper precision of strike price calculation can result in broken protocol

A malicious early depositor can manipulate the `LP-Token` price per share to take an unfair share of future user deposits

Division before multiplication truncate minOut and incurs heavy precision loss and result in insufficient slippage protection

Destruction of the `SmartAccount` implementation

Users may not be able to redeem their shares due to underflow

Protocol safeguards for time durations are skewed by a factor of 7. Protocol may potentially lock NFT for period of 7 years.

Unsafe downcasting operation truncate user's input

Solmate's ERC20 does not check for token contract's existence, which opens up possibility for a honeypot attack