Anyone could call `notifyRewardAmount` to extend the period finish time

`_checkAndHandleBaseTokenPodConfig` function applies the debond fee twice

CDS.sol#updateDownsideProtected - There is a missing access control

`lastCumulativeRate` is incorrectly calculated due to wrong update of the `lastEventTime`

BorrowLib.sol#calculateReturnToAbond - Under some conditions, a higher value will be subtracted from a lower one, breaking the liquidation.

A malicious user can withdrawals another user's money

Missing `lower<upper` check in `mint_position`

swap_2 implementation will randomly revert due to improper check, root cause for failed test ethers_suite_uniswap_orchestrated_uniswap_two

Users can't remove liquidity while a pool is disabled

WinnablesTicketManager.sol#cancelRaffle

WinnablesTicketManager.sol#refundPlayers

WinnablesTicketManager.sol#_checkShouldCancel

BribeRewarder.sol#deposit() will revert because of wrong check

Voter.sol#vote

Possible stuck of funds in BribeRewarder.sol

BribeRewards.sol#claim

MlumStaking.sol#_requireOnlyOperatorOrOwnerOf is improperly implemented

addToPosition #_transferSupportingFeeOnTransfer should be called at the beginning of the function

A malicious user can fill the maximum bribe limit to sabotage pool voting

Vesting.sol#claim() Reentrancy allows a malisious user to drain the contract

TokenSale.sol#claim Incorrect check allows blacklisted users to claim

TokenSale.sol#calculateMaxAllocation() Incorrect return values

V3Oracle susceptible to price manipulation

V3Vault is not ERC-4626 compliant

Malicious user can stake an amount which causes zero curStakeAtRisk on a loss but equal rewardPoints to a fair user on a win

Since you can reroll with a different fighterType than the NFT you own, you can reroll bypassing maxRerollsAllowed and reroll attributes based on a different fighterType

Can mint NFT with the desired attributes by reverting transaction

Fighter created by mintFromMergingPool can have arbitrary weight and element

First Liquidity provider can claim all initial pool rewards

Protocol and referral fee would be permanently stuck in the Curves contract when selling a token

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

LendingTerm.sol#_partialRepay() A user cannot partial repay a loan with 0 interest

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

Borrower has no way to update `maxTotalSupply` of `market` or close market.

Borrower can drain all funds of a sanctioned lender

fee-on-transfer tokens can cause stuck of funds

Cooler#rollLoan anyone can call rollLoan and change the loan terms without borrower agreeing

Incorrectly implemented modifiers in LybraConfigurator.sol allow any address to call functions that are supposed to be restricted