no bidder has incentive to bid the Auction except doing last-minute MEV due to fixed endBlock

Access control vulnerabilities on USSD.mintRebalancer() and USSD.burnRebalancer()

Lack of safeguards in USSD.UniV3SwapInput()

Chainlink price feed is not sufficiently validated and can return stale price

StableOracleWBTC's Dependency on BTC/USD Chainlink Oracle: Risk of Mispricing WBTC in Event of Depegging

Risk of Incorrect Asset Pricing by StableOracle in Case of Underlying Aggregator Reaching minAnswer

Exchange Rate can be manipulated

A staker with verified over-commitment can potentially bypass slashing completely

Later borrowers will pay less interest compared to earlier borrowers over the same period

repayLoanMinimum() and repayLoan() do not check if loan has been defaulted and collaterals claimed by the lender

EMI last payment not handled perfectly could lead to borrower losing collaterals

Later challengers can bid on the previous challenge to extend the expiration time of the previous challenge, so that their own challenge can succeed before the previous challenge and get challenge rewards

POSITION LIMIT COULD BE FULLY REDUCED TO ZERO BY CLONES

Incorrect protocol fee is taken when changing NFTs

Royalty recipients will not get fair share of royalties

Flash loan fee is incorrect in Private Pool contract

Incorrect fee handling in Position.sol's Market Buy/Sell functions

Incorrect calculations can occur when calling `Position._marketBuy` and `Position._marketSell` functions that do not include maker fee in `_fee`

Calling `Position._marketBuy` and `Position._marketSell` functions that calculate `_fee` by dividing by `10000` can cause incorrect calculations

An attacker can manipulate the preDepositvePrice to steal from other users.

No slippage protection on `stake()` in SafEth.sol

Residual ETH unreachable and unuitilized in SafEth.sol

Normal users could be inadvertently grieved by the withdrawn ratios check

Underflow of `lpPosition.points` during withdrawLP causes huge reward minting

Use of hard coded decimals of 18 for collateral token

First deposit can be exploited to break share calculation

Front-runnable `approve()`

Users choosing not to claim rewards when withdrawing LP tokens could reap higher rewards later

`_accumulateExternalRewards()` could turn into an infinite loop if the check condition is true

Double-entry point (Two Address) token might raise some issues

First vault depositor can steal other's assets

Fee on transfer token not supported

Fee on transfer tokens will not behave as expected

Fee on transfer tokens will not behave as expected

Liquidity providers may lose funds when adding liquidity

`buy()` in `LPDA.sol` Can be Manipulated by Buyers

Use of `payable.transfer()` Might Render ETH Impossible to Withdraw

Calling `updateNodeRunnerWhitelistStatus` function always reverts

Attacker may DOS auctions using invalid bid parameters

Incompatibility with fee-on-transfer/inflationary/deflationary/rebasing tokens, on both base tokens and quote tokens, with varying impacts

address.call{value:x}() should be used instead of payable.transfer()

Protocol can be easily rug-pulled by the owner

Wrong balanceOf user after minting legendary gobbler