leverage tokens can’t be redeemed when bondSupply = 0.

reserve token amount will be less than expected when leverage tokens are redeemed because precision is multiplied after division in redeemRate calculation.

if bond token holders account is blacklisted for usdc, then those accounts can’t claim usdc from distributor contract.

Treasury contract’s updateUsdaCollectedFromCdsWithdraw is not updated/increased when the function withdrawUserWhoNotOptedForLiq is called, as a result some usda will be out of the accounting mechanism(out of usdaCollectedFromCdsWithdraw).

optionfees from this chain(params.optionFees - params.optionsFeesToGetFromOtherChain) should be deducted from totalCdsDepositedAmountWithOptionFees but params.optionsFeesToGetFromOtherChain is deducted from totalCdsDepositedAmountWithOptionFees in the function withdrawUser.

lastEventTime is not updated in the function liquidate, so CumulativeRate will be bigger than expected.

when the function liquidationType1 is called,treasury’s abondUSDaPool is increased/updated but treasury’s usdaGainedFromLiquidation should be increased/updated.

Protocol will get less interest from borrowers as CumulativeRate is updated after borrower withdrawal.

when the liquidate function(function liquidationType1) is called vaultvalue(liquidated collateral value) is not decreased from omniChainData.vaultValue. As a result, the cds/borrow ratio will always be less than the real cds/borrow ratio.

usdaCollectedFromCdsWithdraw will be stuck in the treasury contract.

lastethprice is not updated function in deposit(borrowlib)/function depositTokens(borrowing).

function withdrawUser can revert due to underflow when params.cdsDepositDetails.initialLiquidationAmount is subtracted from returnAmountWithGains

omniChainData.cdsPoolValue is not decreased/updated in the function liquidationType1,as a result cds/ borrow ratio will be bigger than expected.

When the function relist is called, it doesn't consider if the collection’s tokeid has been internally mapped as a liquidation.

Tax paid calculation is incorrect when cancelling a tokenid from listings/full tax paid is not transferred to feecollector when cancelling a tokenid.

reserve.updateInterestRates is not done properly in the function executeRepay.

vars.debtReserveCache.nextDebtShares is updated incorrectly in the function _repayDebtTokens.

vars.baseCollateral/ vars.debtAmountNeeded/vars.collateralAmount calculations are incorrect in the function _calculateAvailableCollateralToLiquidate.

self.debtShares is not converted into amounts when repaying the debt amount .

DoS on liquidations when a reserve’s asset is borrowed/withdrawn fully in a pool.

Nft position owner can’t disable an asset from ReserveAsCollateral.

Repaid interest is not accounted properly between supplier(deposier) and reserve treasury.

When the function refundPlayers is called, _lockedETH is not decreased/updated.

minTicketsThreshold check inconsistency in function _checkShouldDraw and function _checkShouldCancel.

Number of entities in generation can surpass the 10k number

Wrong minting logic based on total token count across generations

Forger Entities can forge more times than intended

There is no slippage protection properly in function exerciseVe/exerciseLp.

Credit can be sold forcibly as `forSale` setting can be ignored via Compensate

Operatorid will not be removed properly from a strategy.

Shareowed for withdrawals in a epoch are deposited to the withdrawalQueue are double or more than shareowed.

NFTs can be transferred even if StakeAtRisk remains, so the user's win cannot be recorded on the chain due to underflow, and can recover past losses that can't be recovered(steal protocol's token)

DoS in `MergingPool::claimRewards` function and potential DoS in `RankedBattle::claimNRN` function if called after a significant amount of rounds passed.

Council members will claim 0 telcoin tokens as tokenid burn mechanism is wrong.

Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`

onBalanceChange causes previously unclaimed rewards to be cleared

The userGaugeProfitIndex is not set correctly, allowing an attacker to receive rewards without waiting

The creation of bad debt (`mark-down` of Credit) can force other loans in auction to also create bad debt

Malicious borrower can decrease Guild holders reward

Founders baseTokenId will be less than reservedUntilTokenId.

The price of rsEHT could be manipulated by the first staker

Possible arbitrage from Chainlink price discrepancy

Borrower has no way to update `maxTotalSupply` of `market` or close market.