Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

Adversary can win proposals with voting power as low as 4%

Ineffective proposal threshold validation allows setting arbitrary high values

SettlementSignatureVerifier's required_validators is not updated, resulting in a low or high number of signatures being required

The maximum number of generations is infinite

Wrong minting logic based on total token count across generations

[H-01] Miscalculation in `_farmPlots` function could lead to a user unable to unstake all NFTs

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal

Multiplication Overflow Leading to Memory Corruption and Incorrect Register Write-Back

[H-01] Miscalculation in `_farmPlots` function could lead to a user unable to unstake all NFTs

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal

Availability of deposit invariant can be bypassed

`NoyaValueOracle.getValue` returns an incorrect price when a multi-token route is used

Incorrect modifier condition

Design flaw and mismanagement in vault licensing leads to double counting in collateral ratios and positions collateralized entirely with kerosine

removedLiquidity can be underflowed to lock other user's deposits

Freezed Chain will never be unfreeze since `StateTransitionManager::unfreezeChain` is calling `freezeDiamond` instead of `unfreezeDiamond`.

Wrong global lending limit check in `_deposit` function

Risk of Insufficient Gas Allocation in Asset Contract

`LiquidInfrastructureERC20.sol` disapproved holders keep part of the supply, diluting approved holders revenue.

Fighters cannot be minted after the initial generation due to uninitialized `numElements` mapping

Fighter created by mintFromMergingPool can have arbitrary weight and element

Users will lose their cross-chain transaction if the destination router do not have enough WETH reserves.

Unwhitelisting does not clear _arbitrageProfits, so re-whitelisting may result in an unfair distribution of liquidity rewards.

Protocol and referral fee would be permanently stuck in the Curves contract when selling a token

onBalanceChange causes previously unclaimed rewards to be cleared

Bidder can use donations to get VerbsToken from auction that already ended.

LendingTerm.sol#_partialRepay() A user cannot partial repay a loan with 0 interest

removedLiquidity can be underflowed to lock other user's deposits

Allocation of Voice Credits Implementation is done Wrongly

Improper precision of strike price calculation can result in broken protocol

Users may be forced into long lock times to be able to undelegate back to themselves.

`MagnetarV2#burst` double counts `msg.value` for `TOFT_WRAP` operation, making the transaction revert unless the user overpays