Unchecked `deposit_token` Allows Malicious Token Substitution During Withdrawals

Inadequate User Verification Allows Unauthorized Token Redirection

When reListing, Fees are Wrongly also Refunded For Liquidation Listings

Incorrect Checkpoint Index Handling When Timestamps Match Between Updates

Compounded Factor Miscalculated Due to Improper Interest Rate Scaling

L1 to L2 Token Transfers Always Fail Due to Alias Address Check Error

Faulty Exemption Check Prevents Fee Removal and Correct Fee Application in `UniswapImplementation`

Users Can Block the Owner from Executing a Collection Shutdown by Creating Listings

An Attacker can Cancel Any Accounts Group thus DoSing Supposed Valid Txns

Error in `PositionBalanceConfiguration::getSupplyBalance`

Inconsistent Borrow Shares Handling Prevents Full Debt Repayment

Flawed Treasury Share Handling Could DoS Some Users from Withdrawing

Erroneous Debt Share Handling in Liquidation Logic

Inclusion of Unrecognized Assets in Position Health Checks Leads to Inaccurate Assessments and Potential DoS

Withdrawals logic allows MEV exploits of TVL changes and zero-slippage zero-fee swaps

Incorrect calculation of queued withdrawals can deflate TVL and increase ezETH mint rate

Deposits will always revert if the amount being deposited is less than the bufferToFill value

After ITO Ends, Users Claimable `$ZVE` Tokens are Prone to Manipulation

Revoking a Schedule Will DoS Some Withdrawals

Users Never Lose Their Assigned Weight After Their Vesting Schedule is Revoked

`ema` is miscalculated during the first yield distribution

Deposited Rewards Could Be Stuck

Strict Allowance Check Could Brick a Major Functionality in `OCL_ZVE`

The Highest Bidder Can Maliciously Cancel His Bid Just Before Closing the Auction

Signatures can be replayed in `withdraw()` to withdraw more tokens than the user originally intended.

The top tier prover can not re-prove

StableCoin BlackListing Feature is Ineffective

Flaw in Cross-Chain Approval System Raises Risk of Unauthorized Token Transfers

Exercising Options In a destination Chain for Some msg Type is Impossible

Incorrect `tapOft` Amounts Will Be Sent to Desired Chains on Certain Conditions

`mTOFT::wrap` Function, Doesn't Work Rightly When Wrapping Native Tokens

MIssing Admin Setters for `_pause()` and `_unpause()`

Flawed Initialization in `BigBang` Contract: `minMintFeeStart` Exceeds `maxMintFeeStart`

Underflow Vulnerability in `Market::_allowedBorrow` Function: Oversight with Pearlmit Allowance Handling

`LiquidInfrastructureERC20.sol` disapproved holders keep part of the supply, diluting approved holders revenue.

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

Players have complete freedom to customize the fighter NFT when calling `redeemMintPass` and can redeem fighters of types Dendroid and with rare attributes

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

Fighter created by mintFromMergingPool can have arbitrary weight and element

When `DecentBridgeExecutor.execute` fails, funds will be sent to a random address

Anyone can update the address of the Router in the DcntEth contract to any address they would like to set.

DecentEthRouter.sol#_bridgeWithPayload() - Any refunded ETH (native token) will be refunded to the DecentBridgeAdapter, making them stuck

The userGaugeProfitIndex is not set correctly, allowing an attacker to receive rewards without waiting

Anyone can steal all distributed rewards

There is no way to liquidate a position if it breaches maxDebtPerCollateralToken value creating bad debt.

SurplusGuildMinter.getReward() is susceptible to DoS due to unbounded loop

Approved address can approve other addresses for an owner's safe

SafeHandler contract doesn't have any method to call to `ODSafeManager.allowHandler()`, lead to DOS in some function

Decimal Limitation in CamelotRelayer and UniV3Relayer Contract Deployment

Incorrect source address decoding in RootBridgeAgent and BranchBridgeAgent's _requiresEndpoint breaks LayerZero communication

Message channels can be blocked resulting in DoS

`ArbitrumBranchBridgeAgent::_performFallbackCall` Function Does Not Refund Users Their Excess Native Gas Deposit

The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP

Users can get immediate profit when deposit and redeem in `PerpetualAtlanticVaultLP`

The RdpxV2Core contract allows anyone to call redeem tokens even if the contract is paused.

User can avoid paying high premium price by correctly timing his bond call

Users may be forced into long lock times to be able to undelegate back to themselves.

Delegated votes are locked when owner lock is expired

Proposals which intend to send native tokens to target addresses can't be executed

An Attacker Can Perform A Griefing Attack on Margin Trading Users by Exploiting the `executeOperation` Function and Using the Margin Trading Contract as the Receiver Address