Unauthorized Reallocation in `NudgeCampaign::handleReallocation` and Reward Disruption Vulnerability in `NudgeCampaign::invalidateParticipations`

Attackers can steal the funds by creating orders with the same order id.

Incorrect staleness check in the `PythOracle::currentValue` function may return stale price or make the transaction revert.

`ReputationMarket::buyVotes` function doesn't account `marketFunds` correctly

Anyone can call `VVVVCTokenDistribution::claim` function by utilizing `ClaimParams` signed by the `signer`

Incomplete TVL Calculation in `AerodromeConnector::_getPositionTVL` Function.

`executeWithdraw` may be blocked if any of the users are blacklisted from the `baseToken`

`NoyaValueOracle.getValue` returns an incorrect price when a multi-token route is used

Base tokens like USDT, USDC having different decimals on different chains can have their TVL updated incorrectly

It is possible to open insolvent position is Silo connector, due to missing check in borrow function

The modifier `onlyExistingRoute` works incorrectly

Attacker can increase the length of `withdrawQueue` by withdrawing 0 amount of tokens frequently

Incorrect modifier condition

Balancer flashloan contract can be DOSed completely by sending 1 wei to it

Dust donation might DOS all connectors to create new holding positions, by preventing removing existing holding positions

Protocol mints less rsETH on deposit than intended

Redemptions are inconsistent with other cdp's operations