Incorrect validation logic in the `claimRefund` function allows unauthorized users to claim refunds when `revertMessage` contains a non-20-byte `walletAddress`

Malicious overwrite of refund Information via `onAbort` in ZetaChain Cross-Chain Swap

Missing `accrueInterest` in `redeem` function

Multiple reward claims in `claimLend` function

Incorrect placement of `distributeSupplierLend` in `redeem` function

Multiple Cross-Chain borrows using same collateral

Underestimated Debt After Local Repayment Ignoring Cross-Chain Borrows

User Lockout Due to Invalid Invariant in `borrowWithInterest`

Incorrect maxClose Calculation in Liquidation

Double interest accrual in `borrow` function

Requestor will be able to block identical requests from being processed

Ownership Parameter Mismatch in LendingPool’s Vault Withdrawal Logic

Concurrent Oracle Fulfillments Overwrite House IDs, which leads to Incorrect Pricing

RAACNFT wrongly suppose crvUSD to be equal to 1 dollar

Flash minter will create accounting inconsistencies in internal supply tracking

The false assumption that 1USDC equals 1USD may result in losses to the user or the protocol

Duplicate orders in the same block will overwrite previous orders and lead to token loss for the recipient

Lack of validation in `modifyOrder` allows double refunds, draining protocol funds

Token holder can repeatedly spend ABOND tokens due to incorrect state updates in transferFrom

Attacker will front-run and claim tokens intended for a KYC-verified user

Corruptible Upgradability Pattern

A compromised address does not lose any ability to perform actions on behalf of the profile

Re-registering an address does not remove it from the compromised list

User may lose some rewards due to incorrect accounting

Invariant not met, not all funds will be used for distribution

Incompatibility of required integration with Aerodrome/Velodrome

A malicious user can permanently lock the prizes, exposing the protocol to loss

Attacker can block admin from creating a raffle, potentially disrupting the protocol

Discrepancy between nfts minted, price of nft when a generation changes & position of `_incrementGeneration()` inside `_mintInternal()` & `_mintNewEntity()`

`Voter.vote` Never succeeds if a bribe is set for the period

`MLumStaking.addToPosition` Has Incorrect Access Control Checks

User Can Self-Revoke Role

Contract Upgrade Pattern may be broken

Lack of Permissions in `AccountFacet.batchUpdateAccountToken()`

Improper Implementation of ReentrancyGuard

Loss Calculation Bug in Request Execution

Improper Removal of Roles in `RoleAccessControlFacet.revokeAllRole()`

`PufETHAdapter` use wrong deposit function signature from outdated depositor interface

Incorrect staking limit check in `RsETHAdapter`

Lack of slippage and deadline during withdraw and deposit

Price arbitrage between different assets supporting a single LRT token

SINGLE STEP OWNERSHIP TRANSFER PROCESS

Bidder can use donations to get VerbsToken from auction that already ended.

Missing checks for whether arbitrum, optimism or polygon Sequencer is active

Incorrect assumptions and calculations about the price of dai/eth

Wrong oracle address WETH/DAI uniswap v3

Lack of checking whether the calculations are based on fresh data from chainlink.

function `restructureCapTable()` in Equity.sol not functioning as expected