Reward distribution can be indefinitely extended by supplying small amounts of reward token

Vesting plans cannot be resetted upon new addition of SYMM LP tokens

Improper Transfer Restrictions on Non-Bridged Tokens Due to Boolean Bridged Token Tracking, Allowing a DoS Attack Vector

Minimum and maximum token amount allowed for user is wrongly compared in `updateParticipation`

Token allocation is wrongly updated in `updateParticipation`

Cross-Chain Signature Replay Attack Due to User-Supplied `domainSeparator` and Missing Deadline Check

`Pool.transferReserveToAuction` does not correctly reduce `currentPeriod` to transfer `reserveTokens` to Auction

Precision difference in `getRedeemAmount` results in inaccurate marketRate and redeemRate compairison

Precision loss in `getCreateAmount` and `getRedeemAmount` functions

Inconsistency in `sharesPerToken` values recorded

Excess bids cannot be removed in `Auction.removeExcessBids` if address is USDC blacklisted

Unspent deposit amount is stuck in `BalancerRouter` and not returned to depositor

Listing potential can not be purchased with discounted price

The `PythOracle.currentValue` function always returns outdated prices

Minting zero tokens when underlyingToken is not Ether in cashIn()

Market funds cannot be withdrawn for a profile as fees are not subtracted from `fundsPaid` when they are already applied

`VVVVCTokenDistributor.claim` can be front-run to steal rewards

[M-01] Distribution created with very small amount results in lost in fees for fee recipient and distribution assets for hypervisors