UniswapPriceOracle.validatePrice() TWAP Calculation Flaw

Variable Overwrite in checkPoolAndGetCenterPrice() Creates Dead-Code Deviation Check, Leaving All V3 Protocol-Owned Liquidity Operations Unprotected

Services can earn undeserved rewards by manipulating checkpoint timing during reward droughts

Balancer oracle deadlock from cumulative price weight

Uniswap oracle validateprice can be griefed per block via `sync()`

BuilderWallet `init()` is unprotected/re-initializable, enabling takeover and theft of builder fees

Self-settlement via `dispatchFrom` bypasses refund mechanism allowing underfunded debt settlement

Withdrawing just before a bad debt event can increase losses for remaining liquidity providers

`dispatchFrom()` Liveness DoS via `StaleOracle`: Spot Price Manipulation Blocks Liquidations, Force Exercises, and Premium Settlements

Commission Share-Burn Distribution is JIT-Capturable When `builderCode == 0` (Default)

Borrower can extract unbacked Coin at the expense of the protocol

A single borrower being written off will create unbacked stablecoins for all users

Missing access control in `WERC7575Vault` allows unauthorized withdrawals

The unregistering of vaults can be DoSed by a malicious user.

Stale Redemption Liabilities Lead to Leveraged Losses for Remaining Shareholders and Potential Denial of Service

Missing slippage protection in Uniswap V3 liquidity operations

Oracle `sanePrice` does not guard from manipulations after time has passed

Missing tranche update in `extendDeposit` causes loss of stake tracking and rewards

Duplicate tranche tracking

Global Variable Manipulation During Active Draw Alters End Result

Incorrect ticket price reference in JackpotBridgeManager causes user overpayment after price updates

Small stakers can be unable to claim rewards due to an attack

Frontrunning `processRewards` allows attacker to capture unintended rewards

Same heartbeat for multiple price feeds is vulnerable

Multiple Delegation by Double Spending Boosts and Lack of Delegation Tracking in BoostController Contract

Flawed Boost Multiplier Calculation Always Yields Maximum Boost

Lack of enforcement of the `MAX_TOTAL_LOCKED_AMOUNT`

Overwriting Previous Allocations in allocateFunds May Lead to Loss of Cumulative Allocation Data

Missing slippage protection in `AerodromeDexter.sol` `swapExactTokensForTokens()`