Owner cannot withdraw all interest due to wrong calculation of accrued interest in WithdrwaCarry

The price of rsEHT could be manipulated by the first staker

Possible arbitrage from Chainlink price discrepancy

Protocol mints less rsETH on deposit than intended

Lack of slippage control on LRTDepositPool.depositAsset

Single host can unfairly skip veto period for proposal that does not have full host support

Array Length of `tickTracking_ ` Can be Purposely Increased to Brick Minting and Burning of Most Users' Liquidity Positions

Rewards cannot be transferred when calling protocol command

TWO DIFFERENT TRANSACTIONS CAN RESULT IN THE SAME `txnHash` VALUE THUS BREAKING THE APPROVAL PROCESS OF TRANSACTION MINTING

Chain support cannot be removed or cleared in bridge contracts

Risk of silent overflow in reserves update

Transaction revert if the baseToken does not support 0 value transfer when charging changeFee

`Factory.create`: Predictability of pool address creates multiple issues.

Loss of funds for traders due to accounting error in royalty calculations

Royalty recipients will not get fair share of royalties

`changeFeeQuote` will fail for low decimal ERC20 tokens

Flash loan fee is incorrect in Private Pool contract

EthRouter can't perform multiple changes

Reward accounting is incorrect in BathBuddy contract

FeeWrapper fails to handle ETH payment refunds

`RubiconMarket._buys` will not work for V1 offers due to the reversion in `cancel` method.

An attacker can steal all tokens of users that use `FeeWrapper`

BathBuddy contract should implement methods to pause and unpause contract

Rewards for initial period may be lost in `BathBuddy` contract

Low level calls to accounts with no code will succeed in `FeeWrapper`

Fee inclusivity calculations are inaccurate in RubiconMarket

Zero reward rate calculation impedes low-decimals token distributions

Cannot close leveraged positions

Incorrect calculations can occur when calling `Position._marketBuy` and `Position._marketSell` functions that do not include maker fee in `_fee`

A temporary issue shows in the staking functionality which leads to the users receiving less minted tokens.

Reth.sol: Withdrawals are unreliable and depend on excess RocketDepositPool balance which can brick the whole protocol

`WstEth` derivative assumes a ~1=1 peg of stETH to ETH

Reth `poolPrice` calculation may overflow

In de-peg scenario, forcing full exit from every derivative & immediately re-entering can cause big losses for depositors

DoS due to external call failure

Missing derivative limit and deposit availability checks will revert the whole `stake()` function

Users will be able to purchase fewer NFTs than the project had anticipated

Bio lines will overflow the buffer for repeated "continuation" characters

Users can end up buying and paying for a different Tray than the one they were trying to acquire

Incorrect emoji displaying

Bio Protocol - `tokenURI` JSON injection

Updating a pool's total points doesn't affect existing stake positions for rewards calculation

`LotteryMath.calculateNewProfit` returns wrong profit when there is no jackpot winner

Unsafe casting from `uint256` to `uint16` could cause ticket prizes to become much smaller than intended

The buyer of the ticket could be front-runned by the ticket owner who claims the rewards before the ticket's NFT is traded

MerkleMinter created through TokenFactory cannot be upgraded

Multiple accounts can have the same identity

Protocol fees can be withdrawn multiple times in `Erc20Quest`

Bad implementation in minter access control for `RabbitHoleReceipt` and `RabbitHoleTickets` contracts

Buyer on secondary NFT market can lose fund if they buy a NFT that is already used to claim the reward

Funds can be stuck due to wrong order of operations

RabbitHoleReceipt's address might be changed therefore only manual mint will be available

Users may not claim Erc1155 rewards when the Quest has ended

DOS risk if enough tokens are minted in Quest.claim can lead, at least, to transaction fee lost

User may loose rewards if the receipt is minted after quest end time

_ownedTokensIndex is SHARED by different owners, as a result, _removeTokenFromAllTokensEnumeration might remove the wrong tokenId.

Burning a `ERC1155Enumerable` token doesn't remove it from the enumeration

`_currentIndex` is incorrectly updated; breaking the ERC1155 enumerable implementation

Loss of user funds when completing CASH redemptions

KYCRegistry is susceptible to signature replay attack.

ERC4626Cloned deposit and mint logic differ on first deposit

Function withdraw() and redeem() in ERC4626RouterBase would revert always because they have unnecessary allowance setting

Users are unable to mint shares from a public vault using `AstariaRouter` contract when share price is bigger than one

`FeeRefund.tokenGasPriceFactor` is not included in signed transaction data allowing the submitter to steal funds

Arbitrary transactions possible due to insufficient signature validation

Attacker can gain control of counterfactual wallet

Destruction of the `SmartAccount` implementation

SmartAccount.sol is intended to be upgradable but inherits from contracts that contain storage and no gaps

Hijacking of node operators minipool causes loss of staked funds

MinipoolManager: recordStakingError function does not decrease minipoolCount leading to too high GGP rewards for staker

MultisigManager may not be able to add a valid Multisig

State Transition: Minipools can be created using other operator's AVAX deposit via recreateMinipool

Coding logic of the contract upgrading renders upgrading contracts impractical

Rounding error in buyQuote might result in free tokens

The recipient receives free collateral token if an ERC20 token that deducts a fee on transfer used as baseToken

`LPDA` price can underflow the price due to bad settings and potentially brick the contract

ETH will get stuck if all NFTs do not get sold.

Sale contracts can be bricked if any other minter mints a token with an id that overlaps the sale

Creator can still "cancel" a sale after it has started by revoking permissions in `OpenEdition` contract

NFTs mintable after Auction deadline expires

Allow payer to recover tokens sent in excess

`checkOrder` function can be used by a griefer to invalidate an order or cause a DoS by frontrunning the auction calls

Potential DoS in `depositsQueued` and `withdrawsQueued` functions

Malicious Users Can Drain The Assets Of Auto Compound Vault

`asset` param from publisher isn't validated in function `resolveQueuedTrades` of `BufferRouter` contract

ERC20 `transferFrom` isn't validated in function `initiateTrade` of `BufferRouter` contract

Direct theft of buyers ETH funds.

Pool designed to be upgradeable but does not set owner, making it unupgradeable

Yul `call` return value not checked

Non-existing revenue contract can be passed to claimRevenue to send all tokens to treasury

addCredit / increaseCredit cannot be called by lender first when token is ETH

Borrower can close a credit without repaying debt

Repaying a line of credit with a higher than necessary claimed revenue amount will force the borrower into liquidation

Call to declareInsolvent() would revert when contract status reaches liquidation point after repayment of credit position 1

Lender can trade claimToken in a malicious way to steal the borrower's money via claimAndRepay() in SpigotedLine by using malicious zeroExTradeData

The lender can draw out extra credit token from borrower's account

Whitelisted functions aren't scoped to revenue contracts and may lead to unnoticed calls due to selector clashing

address.call{value:x}() should be used instead of payable.transfer()

Borrower/Lender excessive ETH not refunded and permanently locked in protocol

Oracle assumes token and feed decimals will be limited to 18 decimals

Failed job can't be recovered. NFT may be lost.

Bad source of randomness

MED - Incorrect implementation of ERC721 may have bad consequences for receiver

Direct theft of buyers ETH funds.

Pool designed to be upgradeable but does not set owner, making it unupgradeable

Yul `call` return value not checked

Supply cap of VariableSupplyERC20Token is not properly enforced