Unnecessary condition in _resetVestingPlans prevents vesting adjustments

Initialization of SymmVesting fails due to nested initializer modifier

Incorrect Tick Upper Value in Strategy::collectFees Can Cause Revert

Mismatch between requested and stored token amount in Launch::updateParticipation

Out-of-Bounds Array Access in `_calculateQuantAMMVariance` with Odd Number of Assets and Vector Lambda

Critical: Malicious user can delete all Users Deposited Liquidity.

Owner fee will be locked in `UpliftOnlyExample` contract due to incorrect recipient address in `UpliftOnlyExample::onAfterSwap`

GradientBasedRules will not work for >=4 assets with vector lambdas

“Uplift Fee” Incorrectly Falls Back to Minimum Fee Due to Integer Division

Transferring deposit NFT doesn't check if the receiver exceeds the 100 deposit limit

If main oracle is removed from approved list it will keep returning not stale but invalid data (0 value)

incorrect length check in `_setGradient` will DOS manual setting of `intermediateGradientState` after pool initialization

Inconsistent timestamp storage when the LPNFT is transferred.

Incorrect event emitted in `setUpdateWeightRunnerAddress()` function

Inconsistent event data in `WeightsUpdated` emissions

Duplicate orderId Risk in OracleLess, Bracket, and StopLimit Contracts

Vulnerability in OracleLess, Bracket, StopLimit: Modify cancelled/filled orders

Malicious users can sell tokens of others in OracleLess

Arbitrary execution in OracleLess::fillOrder enables token theft

DOS vulnerability in OracleLess due to unbounded pending orders

Incorrect interest handling in Treasury::withdrawInterest function

Denial of Service on MultiSign::executeSetterFunction

Missing logic in VVVVCTokenDistributor::claim enables attackers to steal user funds

Incorrect withdrawal fee calculation in UsualX::withdraw function

Remove splitter will always revert if there are some rewards left on splitter contract

Inability to Reclaim Assets and Draw Raffle Winner due to BoostCore Ownership

Protocol Fee Receiver bypassed due to lack of Referral Fee Validation in BoostCore

Users Lose Funds When Cancelling Collection Shutdown

Users can't claim ETH after the collection has been shut down and fully liquidated due to unsafe casting

Previous beneficiaries cannot claim tokens when `BaseImplementation::beneficiaryIsPool` is updated to true

`FjordAuction` incorrect `block.timestamp` check allows users to bid after calling `auctionEnd` to claim more tokens than they should

[H-01] Auction tokens will be lost forever when auction ends without bids

TokenManager - Unlimited withdraw

Native token withdrawal fails until manually approved

`listOffer` Unsafely References Fungible Identifiers