Improper Transfer Restrictions on Non-Bridged Tokens Due to Boolean Bridged Token Tracking, Allowing a DoS Attack Vector

PerpetualVault can be completely bricked

getExecutionGasLimit() reports a lower gas limit due to gasPerSwap miscalculation

Functions that rely on chainlink prices cannot be queried on avalanche due to sequencer uptime check.

Incorrect Token Price Validation in KeeperProxy

Protocol Recovery Mechanism at Risk Due to Unhandled Token Transfer Failures

The calculation of `totalAssets()` could be wrong if `operatorFeeAmount` > 0, this can cause potential loss for the new depositors

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

[M-3] Anyone can deploy a new `FraxSwapPair` with a Low fee incurring losses to the protocol

Incorrect Credit Capacity Validation in `VaultRouterBranch.redeem` Enables Locked Collateral Drainage

Multiple instances where Vault's `totalAssets()` is not properly scaled to ZAROS precision

Underflow when updating credit delegation will result protocol DoS

Vaults weth reward is not distributed correctly

Unclaimed Rewards Loss Due to Missing Validation in `VaultRouterBranch.stake()`

Fee Recipient Shares Cannot Be Decreased When Total Fee recipients’s share is at Max Limit

Refund Underflow in Swap Refund Logic Leading to Locked Funds

Wrong values of newly added `vault`

Lack of credit capacity update from VaultRouterBranch::deposit causes DOS in CreditDelegationBranch::depositcreditformarket

`checkFeeDistributionNeeded` Will Not Work With Low Decimal Assets

Incorrect weight assignment in Vault::updateVaultAndCreditDelegationWeight leads to overleveraging vault positions and insolvency

No Mechanism to Remove Fee Recipients Can Lead to Failed Reward Distributions

rebalanceVaultsAssets incorrectly accounts vaults' depositedUsdc

`initiateSwap` allows users to initiate swap even when the vault is paused

Lack of an update of the pool state will cause Initiate Swap to return an incorrect Amountout

Total debt used in fulfiling swap actions is wrong because we did not update the vault.

Auction is using push over pull

If all leverage tokens are redeemed, new ones can't be issued

Out-of-Bounds Array Access in `_calculateQuantAMMVariance` with Odd Number of Assets and Vector Lambda

quantAMMSwapFeeTake used for both getQuantAMMSwapFeeTake and getQuantAMMUpliftFeeTake.

`setUpdateWeightRunnerAddress` could break the protocol

not adding `claimable` balance to the total assets in `_harvestAndReport` can cause losses.

Missing Router Update Mechanism in StrategyMainnet Contract

Old router retains token allowance after update

In `transferVesting`, the `grantorVesting.releaseRate` is calculated incorrectly, which leads to the sender being able to unlock more tokens than were initially locked.

MarketPlace Change In Vesting Manager, Leads To Loss Of Previous MarketPlace Listing

Creator of one vesting plan can affect vesting plans created by other users.

`buyFee` And `sellFee` Should Be Known Before Purchase

Incorrect referral fee calculations

Anyone can remove lender and borrowers from MarketRegistry

`generateOrderId` will generate the same id

Pending orders in `OracleLess` can dos the system

`updateDownsideProtected` could be updated by anyone

`withdrawInterest` can't withdraw from the protocol the `totalInterestFromLiquidation`

`StrikePrice` should be based on `StrikePercent`

Malicious user can benefit from `redeemUSDT`

During withdraw in borrow, downsideProtected is not deducted

`lastEventTime` is not set during liquidate and is set before `calculateCumulativeRate` in the withdraw

`optionsRenewedTimeStamp` is not used during the calculation of downsideProtected

`verify` in CDS is vulnerable to replay attack

Multiple problems during `liquidationType2`

Minting zero tokens when underlyingToken is not Ether in cashIn()

Anyone can call `LamboRebalanceOnUniwap.sol::rebalance()` function with any arbitrary value, leading to rebalancing goal i.e. (1:1 peg) unsuccessful.

Since the cost of launching a new pool is minimal, an attacker can maliciously consume VirtualTokens.

`LamboRebalanceOnUniswap::_getTokenInOut` formula used to compute rebalancing amount is wrong for a UniV3 pool

Reward is not updated during `removeOriginalAllocation`

No protection implemented against listing clone NFTs

Subtraction in `variance()` will revert due to underflow

Potential underflow vulnerability in score range calculation of `LLMOracleCoordinator::finalizeValidation`, leading to DoS.

Platform fees withdrawal will sweep oracle agents earned fees

Request responses and validations can be mocked leading to extraction of fees and/or forcing other generators to lose their fees by making them outliers

Users can list assets with price < 1 ERC20 (ETH, WETH), leading to potential DoS vulnerability.

Update state requests or Purchase requests occurring at the end of the phase will not process

Inaccurate best response selection in `LLMOracleCoordinator::getBestResponse`.

Sequential Fee Calculations Lead to Lost Platform Revenue Due to Precision Loss

Consensus Mechanism Allows Participation Of Voters With Insufficent Stake

`SablierFlowBase` Lacks `EIP-165` Compliance for `EIP4906` Interface Support

Remove splitter will always revert if there are some rewards left on splitter contract

Removed vaults still remain valid in `OperatorVCS`

[WithdrawalPool.sol] Prevent efficient return of data in getBatchIds() by blocking updateWithdrawalBatchIdCutoff() update of newWithdrawalIdCutoff

Unrestricted Changes to Token Settings Allow Artists to Alter Critical Features

Signature replay in `createArt` allows to impersonate artist and steal royalties

Cred creator could stuck funds

LockedEth has a stale value

Functions can be call by anyone, rewards will be lost

Roles can be invoked, but not revoked

Availability of deposit invariant can be bypassed

DOS attack to SwapAction.transferAndSwap() when using an ERC20 permit transferFrom.

AuraVault inherits AccessControl BUT does not call the _setupRole() function in it's constructor to set the initial roles, this leads to a complete DOS of the important claim function rendering the contract unable to claim rewards

`PendleLPOracle::_fetchAndValidate` uses Chainlink's deprecated `answeredInRound`

Invalid validation allows users to unlock early

Single plot can be occupied by multiple renters

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal

Inadequate Checking of `isIncreasing` when trader adjusts position size

`SettlementBranch._fillOrder` does not guarantee the collateral of a position is enough to pay the future liquidation fee.

`LiquidationBranch::checkLiquidatableAccounts()` executes `for` loop with wrong values, causing array out of bounds to be recovered, the program will not work as expected

Deleting CollateralTypes from the CollateralLiquidationPriority allows traders to be liquidated for free and getting back their full collateral as if they were not liquidated.

Modify is not working correctly

Vote function will never work

Loss of funds bribe rewarder

`addToPosition` could be call by anyone

Vultisig whitelisting can be bypassed by anyone

Vultisig should be burnable

Due to the use of `msg.value` in for loop, anyone can drain all the funds from the `THORChain_Router` contract

Invalid validation allows users to unlock early

Single plot can be occupied by multiple renters

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal

Availability of deposit invariant can be bypassed

DOS attack to SwapAction.transferAndSwap() when using an ERC20 permit transferFrom.