Max-transfer window reset blocks liquidity

Compromised signer will execute unauthorized actions

Disallowed token permanently locks existing balances

Transfer whitelist blocks good transfers and allows bad ones

Incorrect Token/Amount in Cross-Chain Liquidation Repayment

# Flawed Logic in Borrow Function's Secondary Liquidity Check

`removeValueSingle` protocol fee bypass allows users to withdraw full amount (no tax deducted)

Netting Bug in E4626.sol commit Function

Edge case breaks APR cap calculation and leads to excessive fee extraction from the pool

ZENO Token Redemption Returns Negligible USDC Amount Compared to Purchase Price

Voting Power Snapshot Missing

Missing Vote Frequency Control in GaugeController

Liquidation Cannot Be Closed Even With Healthy Position Due To Strict Debt Check

Treasury Contract Deposit Function Can Be Frontrun To Deny Protocol Operations

`RAACReleaseOrchestrator::emergencyRevoke()` fails to update `categoryUsed`, leading to token lockup and incorrect accounting

Cordinated group of attacker can artificially lower quorum threshold during active proposals forcing malicious proposals to pass without true majority support.

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

Ineffective proposal threshold validation allows setting arbitrary high values

The Aave pool is hardcoded

quantAMMSwapFeeTake used for both getQuantAMMSwapFeeTake and getQuantAMMUpliftFeeTake.

Missing slippage protection in `AerodromeDexter.sol` `swapExactTokensForTokens()`

Inverted Price Staleness Check in PythOracle Accepts Stale Prices

Denial of Service Risk due to Improper Use of `safeApprove()`

`withdraw_liquidity` lacks slippage protection

SettlementSignatureVerifier is missing check for duplicate validator signatures

_onTransferReceived() does not work as intended

Signature replay in `createArt` allows to impersonate artist and steal royalties

`PendleLPOracle::_fetchAndValidate` uses Chainlink's deprecated `answeredInRound`

`SwapAction.sol#balancerSwap` does not support native ETH as input token.

User may lose funds when creating Nexus account or executing user operations

Incorrect Loop Counter Increment in `ReseedField` Contract

`BeanL1RecieverFacet#recieveL1Beans()` would never work

Incorrect Handling of Last Nominee Removal in `removeNominee` Function

incorrect price for negative ticks due to lack of rounding down

Liquidity manipulation is possible when trading

Chainlink's `latestRoundData` might return stale or incorrect results

Chainlink connector doesn’t check for the Min / Max prices returned