Incorrect `error` revert in `_matchNettedFlows()` function

Loss of royalty payments in `ERC721Bridgable.sol` due to no implementation of receive() function

User can reject the `withdrawalId` due to use of `_safeMint()` in `requestWithdrawal()` function

Potential reentrancy in `collectWithdrawalFees()` function due to violation of CEI

No slippage or deadline control while swapping in `_redeemCtDsAndSellExcessCt()` leads to loss of funds

Chainlink oracle will return the wrong price if the aggregator hits minAnswer

Protocol functions is incompatible with USDT due to lack of 0 approval

The Pausable functionalit of `SuperPool.sol` contract is useless as its not used on contracts functions

Possible loss of funds, transfer functions can silently fail

`ERC1155Voucher.onERC1155BatchReceived()` does not check the caller is the valid token therefore any unregistered token can invoke `onERC1155BatchReceived()`

`VaultBitcoinWallet` contract can not disable `relayersWhitelist` via `toggleRelayersWhitelistEnabled()` function

Claimable gauge distributions are locked when `killGaugeTotally()` is called in `Voter.sol`

In `Pair.sol`, First liquidity provider of a stable pair can DOS the pool

Incorrect access control on removeSafe()

use deprecated `this` in calculating `domainSeparator()`

`AtomWallet.execute()` should be `payable`

Missing events for functions that change critical parameters in `EthMultiVault.sol`

Incorrect misleading comment

When redeem shares, maxRedeem of user is not checked

Incorrect misleading comment for `redeemAtom()` function

low level staticcall return value is not checked

Missing events for deposit and withdraw functions accessed by vault

`transfer` return value is not checked, use `safeTransfer()` instead

`OwnableUpgradeable` is not initialized in `LenderCommitmentGroup_Smart.sol`

Incorrect consideration of Ethereum block time

Fee on transfer tokens are not supported by protocol functions

weird behaviour of `restricted` modifier

`requestNonce` must be initialize in `initialize()` function

Incorrect `event` emission in `accept_ownership()` function

V3Oracle susceptible to price manipulation

`GaugeFactoryUpgradeable.setDistribution()` would revert due to incorrect access control

Missing events for functions that change critical parameters

Incorrect condition for `lookback3InDays` in `validate()`

Incorrect consideration of `ONE_YEAR` leading to incorrect `APR RESTRICTION_FACTOR` and `PRECISION_FACTOR_YEAR`

Unhandled chainlink revert would lock price oracle access in `EthXSpotOracle.sol.getPrice()

Permanent pause of `GemJoin` contract will break contracts functionality

Use safeTransfer() instead of transfer()

In `HATKlerosV2Connector.sol`, call() should be used instead of transfer() in `notifyArbitrator()`

Using `slot0` for `sqrtPriceX96` in order to calculate amount could lead to price manipulation

`sync` function in `RdpxV2Core.sol` should be called in multiple scenarios to account for the balance changes that occurs

A malicious early depositor can manipulate the `LP-Token` price per share to take an unfair share of future user deposits

UUPSUpgradeable vulnerability in OpenZeppelin Contracts

Missing `deadline` param in `swapExactAmountOut()` allowing outdated slippage and allow pending transaction to be executed unexpectedly.

create methods are suspicious of the reorg attack

Liquidators can be tricked to operate with LiquidationPairs that were deployed using the LiquidationPairFactory but they configured the LiquidationSource as a fake malicious contract

missing check for the max/min price in the `chainlinkOracle.sol` contract

Missing deadline checks allow pending transactions to be maliciously executed

Missing check for active Arbitrum Sequencer

boreWell can be frontrun/DoS-d

There is a vulnerability in the executeFlashloan function of the PeUSDMainnet contract. Hackers can use this vulnerability to burn other people's eUSD token balance without permission

In Oracle.sol, Chainlink's latestRoundData might return stale or incorrect results(with chainlink reference)

Missing check for active Arbitrum Sequencer

Unhandled chainlink revert would lock price oracle access

approve function can fail for non standard ERC20 tokens like USDT

Use safeTransfer() instead of transfer()

In D3VaultFunding.sol and D3VaultLiquidation.sol contracts, Multiplication after Division can cause larger Precision loss

Chainlink's `latestRoundData` may return stale or incorrect result

Wrong consideration of blockformation period causes incorrect votingPeriod and votingDelay calculations

[M-01] Some functions in Talos contracts does not allow user to supply slippage and deadline, which may cause swap revert

Lack of slippage protection can lead to significant loss of user funds

Protocol fees can become trapped indefinitely inside Talos vault contracts

Chainlink's latestRoundData might return stale or incorrect results

Missing check for active Arbitrum Sequencer

Missing deadline checks allow pending transactions to be maliciously executed

Chainlink's latestRoundData might return stale or incorrect results

Missing check for active Arbitrum Sequencer

Using deprecated Chainlink function latestAnswer()

Incorrect `blocksPerYear` constant in `WhitepaperInterestRateModel`