Signature uniqueness not enforced in consensus multisig validation

Cross-chain operations lack decimal transformation causing fund loss

Cross-chain liquidation allows liquidators to seize collateral without repaying debt

Cross-chain collateral borrow calculation uses impossible filtering condition

No incentive to liquidate small positions could result in accumulation of bad debt

Mixing protocol-wide borrow value with token-specific index leads to inconsistent liquidation eligibility

Missing withdrawal pause check in `confirmWithdrawal` allows bypassing withdrawal restrictions

Arbitrary from parameter in transferFrom allows unauthorized token transfers

Unlimited request assignment and lack of the mechanism to revoke worker permissions enables protocol-wide DoS attack via malicious worker

Incorrect initializer modifier in Vesting contract prevents proper initialization

Incorrect tick parameter in collectFees() function leads to loss of vesting position fees or possible complete protocol lockup

MergeTgt has no handling if TGT_TO_EXCHANGE is exceeded during the exchange period

Attacker can prevent user from executing application registered through `initFromToken()` in `AgentFactoryV4`.

`amountOutMin` passed in as 0 in `AgentToken::_swapTax` leads to loss of funds due to slippage

Wrong refundExecutionFee in _handleReturn

Wrong index causes last depositor to always get execution fee refund if cancelFlow is called by keeper to cancel a withdrawal

Functions that rely on chainlink prices cannot be queried on avalanche due to sequencer uptime check.

NFTs Get Permanently Locked in Stability Pool After Liquidation

The endAuction function attempts to send native tokens to the StabilityPool, which does not support

Ineffective proposal threshold validation allows setting arbitrary high values

`SecondSwap_Marketplace` vesting listing order affects how much the vesting buyers can claim at a given step