`FULL_RESTRICTED` users can stake

Inflation attack is possible via direct donations and deposit rewards call

Insufficient slippage protection and the ability for users to increment pool shares via rewared deposits in `PortfolioToken` may result in users receiving fewer portfolio tokens than anticipated.

In `Dinero` withdraw request manager, uint16 `s_batchNonce` can overflow

Dinero `_finalizeWithdrawImpl` incorrectly includes final `batchId`

Malicious users can prevent initialization of Morpho Market

Lack of USDT support when migrating positions

Migrating positions from router A -> B can fail

In `Ethena` withdraw request manager, tokens claimed can be 0 when cool down duration is set to 0

`getVotingPowers` can run OOG and will always revert as number of historical operators grow

Any user can `claimRefund` for another user's reverted transaction in `GatewayTransferNative`

Users can exploit `GatewayTransferNative` during `withdrawToNativeChain` calls to drain funds or cause the protocol to incur losses in fees through direct transfers, as there are insufficient checks to ensure that the provided ZRC20 token address corresponds with the token address used for swapping the output token before initiating the withdrawal process to the destination chain.

Users can exploit `GatewayTransferNative` during `withdrawToNativeChain` calls due to inadequate checks ensuring that the `decoded.targetZRC20` matches the `params.toToken` received after swapping to drain funds

User can bypass fees for native zeta withdrawals to destination chain

User can siphon funds from `GatewayTransferNative` via USDC/USDT transfers from BNB -> `GatewayTransferNative` -> Destination chain due to flawed precision handling and checks

User can specify arbitary `externalId` via `GatewayTransferNative` to overwrite existing refunds of other users

`GatewaySend` contract lacks support for USDT tokens, resulting in broken core functionality and wasted gas fees.

Aborted native token `depositAndCall` that aborts via `onAbort` calls are not handled properly on `GatewayTransferNative` as they are considered no-asset calls (asset address is zero)

Reward distribution can be indefinitely extended by supplying small amounts of reward token

Vesting plans cannot be resetted upon new addition of SYMM LP tokens

Improper Transfer Restrictions on Non-Bridged Tokens Due to Boolean Bridged Token Tracking, Allowing a DoS Attack Vector

Minimum and maximum token amount allowed for user is wrongly compared in `updateParticipation`

Token allocation is wrongly updated in `updateParticipation`

Cross-Chain Signature Replay Attack Due to User-Supplied `domainSeparator` and Missing Deadline Check

`Pool.transferReserveToAuction` does not correctly reduce `currentPeriod` to transfer `reserveTokens` to Auction

Precision difference in `getRedeemAmount` results in inaccurate marketRate and redeemRate compairison

Precision loss in `getCreateAmount` and `getRedeemAmount` functions

Inconsistency in `sharesPerToken` values recorded

Excess bids cannot be removed in `Auction.removeExcessBids` if address is USDC blacklisted

Unspent deposit amount is stuck in `BalancerRouter` and not returned to depositor

Listing potential can not be purchased with discounted price

The `PythOracle.currentValue` function always returns outdated prices

Minting zero tokens when underlyingToken is not Ether in cashIn()

Market funds cannot be withdrawn for a profile as fees are not subtracted from `fundsPaid` when they are already applied

`VVVVCTokenDistributor.claim` can be front-run to steal rewards

[M-01] Distribution created with very small amount results in lost in fees for fee recipient and distribution assets for hypervisors