Deposit Feature Of The Vault Will Break If Update To A New Platform

Anyone can call AutoPxGmx.compound and perform sandwich attacks with control parameters

AutoPxGmx.maxWithdraw and AutoPxGlp.maxWithdraw functions calculate asset amount that is too big and cannot be withdrawn

Usage of transfer function without checking return value can result in failure to rescue ERC20 tokens

Certain ERC20 tokens can get locked in BufferBinaryPool

Incorrect accounting in SyndicateRewardsProcessor results in any LP token holder being able to steal other LP tokens holder's ETH from the fees and MEV vault.

Sender transferring GiantMevAndFeesPool tokens can afterward experience pool DOS and orphaning of future rewards

GiantPool batchRotateLPTokens function: Minimum balance for rotating LP Tokens should by dynamically calculated

GiantMevAndFeesPool.previewAccumulatedETH function: "accumulated" variable is not updated correctly in for loop leading to result that is too low

Calling `updateNodeRunnerWhitelistStatus` function always reverts

Freezing of funds - Hacker can prevent users withdraws in giant pools

GiantPool should not check ETH amount on withdrawal

Withdrawing wrong LPToken from GiantPool leads to loss of funds

OwnableSmartWallet: Multiple approvals can lead to unwanted ownership transfers

Non-existing revenue contract can be passed to claimRevenue to send all tokens to treasury

Repaying a line of credit with a higher than necessary claimed revenue amount will force the borrower into liquidation

Lender can trade claimToken in a malicious way to steal the borrower's money via claimAndRepay() in SpigotedLine by using malicious zeroExTradeData

Mutual consent cannot be revoked and stays valid forever

Mistakenly sent eth could be locked

Variable balance ERC20 support

Borrower/Lender excessive ETH not refunded and permanently locked in protocol