Attacker can reenter to mint all the collection supply

Adversary can block `claimAuction()` due to push-strategy to transfer assets to multiple bidders

Auction payout goes to AuctionDemo contract owner, not the token owner

All tokens can be stolen from `VirtualAccount` due to missing access modifier

The peg stability module can be compromised by forcing lowerDepeg to revert.

Missing slippage parameter on Uniswap `addLiquidity()` function

`sync` function in `RdpxV2Core.sol` should be called in multiple scenarios to account for the balance changes that occurs

Proposal requiring native coin transfers cannot be executed

PartyB can withdraw funds if it got suspended.

function lockQuote increments nonce incorrectly

Missing deadline checks allow pending transactions to be maliciously executed.

A number of similar problems with contracts that are supposed to interact with Oracles.

getPriceUSD() function in StableOracleDAI contract calculates price of WETH with inverted data.

Calling `Position._marketBuy` and `Position._marketSell` functions that calculate `_fee` by dividing by `10000` can cause incorrect calculations

Calling `ExpiringMarket.stop` and `ExpiringMarket.isClosed` functions cannot pause any functionlities of the market

Staking, unstaking and rebalanceToWeight can be sandwiched (Mainly rETH deposit )

Bio Protocol - `tokenURI` JSON injection

Fee on transfer token not supported