executeMintToTreasury incorrectly deducts the treasury shares from totalSupply reserve

Interest rates are updated wrongly due to incorrect debt shares used.

In execute repay function updation of interests will be incorrect.

getSupplyBalance returns wrong amount of assets

Incorrect value of debt is accessed in executeLiquidationcall function

reserves state of pool in which the vault has position is not updated before accruing fees shares.

assets are not withdrawn fully if allocation to that reserve is zero in reallocate function

_accrueRewards function in Comptroller.sol uses outdated value of globalTotalStaked variable.

Interest amount is not scaled which can cause various accounting issues.

In debtWriteOff function _totalStaked variable is reduced by unscaled amount.

In vouchFaucet value of claimedTokens[token][msg.sender] is never set.

claim function in PerAddressTrancheVestingMerkleDistributor.sol will always revert thus causing user to never claim their tokens.

`pointsSum.slope` Not Updated After Nominee Removal and Votes Revocation

Removed nominee doesn't receive staking incentives for the epoch in which they were removed which is against the intended behaviour

In retain function checkpoint nominee function is not called which can cause zero amount of tokens being retained.

Unstake function reverts because of use of outdated/stale serviceIds array

checkpoint function is not called before staking which can cause loss of rewards for already staked services.

Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens

Invalid validation allows users to unlock early

Players can gain more NFTs benefiting from that past remainder in subsequent locks

swapETHForYt would always revert due to a wrong check in receiveFlashLoan function.

Stake limit is is updated by wrong amount for some cases.

collectionReferrerShare is not given to the right referrer when tokenId is minted.

mintBatch mints more tokens than the amount on which the fees was applied.

Whenever a new work is added to a existing edition it overrites the referrers[editon] value which denies the previous referrer from fees which he should recieve.

mintBatch function will revert because it tries to pay excess fees than intended which won't be present in the contract.

_refundExcess implements wrong logic

transferWork can change the creator of a work to different address but the mint fees is still transferred to the old address.

_totalSupply reduced by wrong amount for some cases

_writeCheckpoint function is called with wrong amounts for a user if some tokens have already been withdrawn.

claim function is vulnerable to reentrancy attack

There is error in creating Redeem Request when owner and receiver are not same which can lead to irredeemable shares

_transferTokenInAndApprove function in VaultZapper.sol checks if condition for wrong address

Since you can reroll with a different fighterType than the NFT you own, you can reroll bypassing maxRerollsAllowed and reroll attributes based on a different fighterType

Fighters cannot be minted after the initial generation due to uninitialized `numElements` mapping

depositETHIntoMultipleRounds function allows depositing zero amount of eth in some rounds.

A spender(operator) cannot request withdraw on behalf of the client due to a error in values

Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`

Unauthorized Access to setCurves Function

onBalanceChange causes previously unclaimed rewards to be cleared

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

Users staking via the `SurplusGuildMinter` can be immediately slashed when staking into a gauge that had previously incurred a loss

LendingTerm::debtCeiling() can return wrong debt as the min() is evaluated incorrectly

Protocol mints less rsETH on deposit than intended