Incorrect update of `autoOption[msg.sender]` in the `Voter.vote` function

Incorrect update pool state in the `IncentiveGauge._upsertIncentive` function.

Precision loss to claculate the `rewardRate` in the `IncentiveGauge._upsertIncentive` function

Precision loss of the `VsTAN.processRewards` function causes the lock of rewards

Incorrect use of `previewMint` in the `WStable.mint` function

Incorrect use of the `refundCurrencyAmount` variable in the `Launch.updateParticipation` function

Malicious attackers can steal funds from the protocol by creating same order ids

Malicious attackers can steal funds from `OracleLess` contract by calling `fillOrder` function with malicious contract as `target` variable

The `execute` functions should reset the allowance of the `tokenIn` token to 0 after execution of `target.call(txData)`

Malicious attackers can cause out of gas to fill orders by creating a lot of orders in the `OracleLess` contract

Filling stop limit order created with 'Swap-On-Fill' creates the new bracket order with incorrect `direction` value

Arbitrage attackers can steal funds from the reputation market.

In the `ReputationMarket.buyVotes` function, `marketFunds[profileId]` should not contain protocol entry fee and donation fee

The `EthosVouch.applyFees` function calculates the protocol, donation and vouchersPool fee incorrectly

A malicious attacker can frontrun the `claim()` function