`removeValueSingle` will undercharge fees to withdrawing users

Attacker will drain excess tokens from the vault

IBC channel version negotiation bypass in IBC hooks middleware

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

The proposal expiration logic is incorrect

Incorrect request type in oracle currency pairs query whitelist breaks price discovery

Missing slippage protection in `AerodromeDexter.sol` `swapExactTokensForTokens()`

In `transferVesting`, the `grantorVesting.releaseRate` is calculated incorrectly, which leads to the sender being able to unlock more tokens than were initially locked.

Incorrect referral fee calculations

maxSellPercent can be buypassed by selling previously bought vestings at a later time

Minting zero tokens when underlyingToken is not Ether in cashIn()

Calculation for `directionMask` is incorrect

Wrong simulation function used in reverse operation path

The `bankBalance` function failed to handle errors correctly.

`ChakraSettlement.receive_cross_chain_msg` and `ChakraSettlement.receive_cross_chain_callback` functions do not ensure that receiving `ChakraSettlement` contract's `contract_chain_name` must match `to_chain` corresponding to respective `txid` input though

update_emergency_council_7_D_0_C_1_C_58() updates nft manager instead of emergency council

_onTransferReceived() does not work as intended

Contract `PhiNFT1155` can't be paused

Incorrectly assigned `decimal1` parameter upon decoding

The maximum number of generations is infinite

Wrong minting logic based on total token count across generations

There is no slippage check in the `nuke()` function.

Availability of deposit invariant can be bypassed

Discrepency b/w the `lastRewadTime` and the `lastAllPoolUpdate` can allow for incorrect reward distribution to pools if `registerRewardDeposit` deposits less assets

Incorrect address is used as `spender` for ERC20 permit signature verification

`PendleLPOracle::_fetchAndValidate` uses Chainlink's deprecated `answeredInRound`

Single plot can be occupied by multiple renters

[H-01] Miscalculation in `_farmPlots` function could lead to a user unable to unstake all NFTs

Incorrect Comparison Logic in Post-Operation Checks

Fragmentation fee is not taken if user compensates with newly created position

incorrect price for negative ticks due to lack of rounding down

Liquidity manipulation is possible when trading

Missing `notShutdown` modifier in `claimPrize`

Availability of deposit invariant can be bypassed

Discrepency b/w the `lastRewadTime` and the `lastAllPoolUpdate` can allow for incorrect reward distribution to pools if `registerRewardDeposit` deposits less assets

Incorrect address is used as `spender` for ERC20 permit signature verification

`PendleLPOracle::_fetchAndValidate` uses Chainlink's deprecated `answeredInRound`

Lack of slippage and deadline during withdraw and deposit

`totalAssets()`, and thus `convertToShares()` and `convertToAssets()`, may revert, in violation of ERC-4626

`Keepers` does not implement EIP712 correctly on multiple occasions

The `colRedeemed` variable is wrongly retrieved in `LibBytes::readProposalData` function

Unchecked return value bug on `TransferHelper::_safeTransferFrom()`

Creation of token whitelisting proposals can be DOS'd