Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

Incorrect Credit Capacity Validation in `VaultRouterBranch.redeem` Enables Locked Collateral Drainage

Vaults weth reward is not distributed correctly

Lack of credit capacity update from VaultRouterBranch::deposit causes DOS in CreditDelegationBranch::depositcreditformarket

Mismatched slippage precision during deposit results in incorrect assertion of min-shares minted

`initiateSwap` allows users to initiate swap even when the vault is paused

Protocol allows creating broken tricrypto CPMM pools

Logical error in `validate_fees_are_paid` can cause a DoS or allow users to bypass fees if `denom_creation_fee` includes multiple coins including `pool_creation_fee` and the user attempts to pay all fees using only `pool_creation_fee`

User cannot claim rewards or close_position, due to vulnerable division by zero handling

Farms can be created to start in past epochs

Wrong simulation function used in reverse operation path

Penalty fees can be shared among future farms or expired farms, risks of exploits

Single sided liquidity can't be used to lock LP tokens in the farm manager

Subtraction in `variance()` will revert due to underflow

BuyerAgent Batch Purchase Failure Due to Asset Transfer or Approval Revocation

Ownership transfer grants former Swan contract owner continued `operator` privileges

Users are incorrectly refunded when liqudity is insufficient

_onTransferReceived() does not work as intended

Tokens are pulled from users without verifying pool status contrary to requirement

Incorrect slippage handling in `swap_internal()`

settlement.cairo doesn't process callback correctly leading to CrossChainMsgStatus marked as SUCCESS even if it failed on destination chain

SettlementSignatureVerifier is missing check for duplicate validator signatures

In Starknet already processed messages can be re-submitted and by anyone

handler's `receive_cross_chain_callback()` will always set the tx_status to `SETTLED` on source chain & burn the tokens (MintBurn Mode) even when the msg fails on destination

A cross-chain message can be initiated with invalid parameters

inconsistency in sender address when creating cross chain messages on Starknet can lead to loss of funds

Does not check if to_chain and to_handler is whitelisted in cross_chain_erc20_settlement

Missing `ERC20Method` validation at destination allows non-transfer tx to be handled as transfers.

Excessive Authority Granted to Managers in the `ckr_btc.cairo` Contract Presents Significant Management Risks

Users are incorrectly refunded when liqudity is insufficient

_onTransferReceived() does not work as intended

Tokens are pulled from users without verifying pool status contrary to requirement

Incorrect slippage handling in `swap_internal()`

Signature replay in `createArt` allows to impersonate artist and steal royalties

`PhiFactory:claim` Potentially Causing Loss of Funds If `mintFee` Changed Beforehand

Attacker can DOS user from selling shares of a credId

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

Formulaic Error Rounds Down Causing Total Loss Of Funds For Bid Takers During Abort

Incorrect Check in closeBidOffer function

Validation of `collateralRate` in `PerMarkets::createOffer` function

CreateOffer allows eachTradeTax to be 100% ( 10000 bp ) violating code assumptions

Missing validation in `PreMarkets.abortBidTaker()` leading to funds lock.

The user will be able to close Bid Offer even in case if marketplace is not in BidSettling

The maximum number of generations is infinite

Number of entities in generation can surpass the 10k number

Forger Entities can forge more times than intended

Pause and unpause functions are inaccessible

Incorrect logic for checking isFillPriceValid

Wrong parameter passed in `TradingAccount::deductAccountMargin` function that results in excess margin withdrawal

An Uninitialized Variable In The `MarketConfiguration::update` Function Causes The `PrepMarket::getIndexPrice` Function To Revert

UpgradeBranch.sol does not use _disableInitializers()

Trading accounts can exceed the maximum number of allowed open positions.

Settlement fills liquidatable Market Orders

Potential `EIP712` violation in multiple cases

Reallocation depends on the slot0 price, which can be manipulated.

incorrect price for negative ticks due to lack of rounding down

`updateIRMParams` does not call `applyInterestForToken` before updating `irmParams` which leads to incorrect calculation of interest rate for subsequent trades.

Vaults can become immune from liquidation by setting `vault.recipient` to a blacklisted quote token address

Chainlink's `latestRoundData` might return stale or incorrect results

Lack of slippage and deadline during withdraw and deposit

In Dolomite, when opening a borrow position, the holding position in the Registry will never be updated due to the removePosition flag being set to true

It is possible to open insolvent position is Silo connector, due to missing check in borrow function

The `TVLHelper.sol#getTVL` function is DOSed by the `under collateralized connector`, and as a result, many parts of the protocol may be DOS.

Missing calls to `_updateTokenInRegistry` leads to incorrect state of tokens in registry

Incorrect modifier condition

Stale price can be used in `getValueFromChainlinkFeed` function

Noya is not compatible with tokens whose balance changes outside of transfers causing funds to get stuck in the contract

Registry deletes liquidity positions without verifying complete withdrawal.

No incentive to liquidate small positions could result in protocol going underwater

V3Utils.execute() does not have caller validation, leading to stolen NFT positions from users

Holders array can be manipulated by transferring or burning with amount 0, stealing rewards or bricking certain functions

Any User can mint any amount of WStETH in the WStETHMock.sol and StETHMock.sol

Anyone can update the address of the Router in the DcntEth contract to any address they would like to set.

Anyone can call the burn function in SmartVaultV3.sol

`costInEuros` calculation will incur precision loss due to division before multiplication

Accidental `renounceOwnership()` call can disrupt key operations in multiple contracts.