An attacker can bypass the challenge period during LPP finalization

LPP metadata can be altered after the challenge period is over, allowing incorrect states to be proven

The LPP challenge period can cause malicious and freeloader claims to be uncounterable and can also cause freeloader claims to be abused to entrap honest challengers

The `MIPS` doesn't implement `ADD`, `ADDI`, and `SUB` instructions correctly

`SNXConnector.sol` TVL calculation is incorrect.

`NoyaValueOracle.getValue` returns an incorrect price when a multi-token route is used

Numerous errors when calculating the TVL for the MorphoBlue connector

In Dolomite, when opening a borrow position, the holding position in the Registry will never be updated due to the removePosition flag being set to true

The modifier `onlyExistingRoute` works incorrectly

Incorrect modifier condition

Lack of Slippage Controls in retrieveTokensForWithdraw Function

Users will never be able to withdraw their claimed airdrop fully in ERC20Airdrop2.sol contract

Signatures can be replayed in `withdraw()` to withdraw more tokens than the user originally intended.

The decision to return the liveness bond depends solely on the last guardian

Attack to make ````CurveSubject```` to be a ````HoneyPot````

Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`

Unauthorized Access to setCurves Function

Protocol and referral fee would be permanently stuck in the Curves contract when selling a token

A subject creator within a single block can claim holder fees without holding due to unprotected reentrancy path

onBalanceChange causes previously unclaimed rewards to be cleared

A user can steal an already transfered and bridged reSDL lock because of approval

Attacker can exploit lock update logic on secondary chains to increase the amount of rewards sent to a specific secondary chain

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

Bidder Funds Can Become Unrecoverable Due to 1 second Overlap in `participateToAuction()` and `claimAuction()`

Artist signatures can be forged to impersonate the artist behind a collection

`LiquidityPool::requestRedeemWithPermit` transaction can be front run with the different liquidity pool

Change of `fundingDuration` causes "time travel" of `PerpetualAtlanticVault.nextFundingPaymentTimestamp()`

The same signature can be used in different `distribution` implementation causing that the caller who owns the signature, can distribute on unauthorized implementations

Owner can incorrectly pull funds from contests not yet expired