buyOrder:sellNFT() transfers NFT to contract itself instead of transferring to owner

A malicious user can delete all the lendOrders in factory by repeatedly calling cancelOffer() & addFunds()

Wrong value emitted in Withdraw event

Due To The `minWithdrawalAmount` check Users Who Want To Withdraw Wont Be Able To Queue Their Token Withdrawals On Some Amounts

Possible overflow in `quorumVotes` while starting a shutdown in CollectionShutdown.sol

Already `executed/sunset` collection can be `cancel()`, preventing users from claiming their `ETH`

Users can't reclaim votes due to arithmetic underflow if collection is cancelled

`listingCount` is not updated when floor token is directly relisted using `listing:relist()`

relist() can be used to `prevent` a tokenId from filling/selling with less than 0.15% of one collectionToken

`withdrawProtectedListing()` can be DoS, user will lost his NFT

`_listings` mapping is not deleted when a tokenId is reserved in `Listing:reserve()`

`_isLiquidation` mapping is not deleted in `listing:reserve()` when a liquidation tokenId is reserved

When a liquidationListing is relisted, owner receives taxRefund, which should not

`_distributeFees()` only checks for `donateThresholdMin` but not `donateThresholdMax`

Previous `beneficiary` will not be able to claim `beneficiaryFees` if current beneficiary is a pool

[H-01] Auction tokens will be lost forever when auction ends without bids

Owner of a cancelled Sablier stream will be elegible for a full amount reward claim, due to a revert in `FjordStaking::onStreamCanceled(...)`

`createRaffle()` can be DoS using `cancelRaffle()`

`refundPlayers()` doesn't update the `lockedETH`

Malicious user can pass different `prizeManager` address to cancelRaffle(), successfully trapping ETH/NFT/token in prizeManager.sol

`Roles::setRole()` doesn't work properly as admin `can't` remove users from their existing roles

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

TokenManager - Unlimited withdraw

Taker of bid offer will loss assets without any benefit if he calls the DeliveryPlace::settleAskMaker() for partial settlement.

Native token withdrawal fails until manually approved

`DeliveryPlace::settleAskTaker` Has Incorrect Access Control

Formulaic Error Rounds Down Causing Total Loss Of Funds For Bid Takers During Abort

The `DeliveryPlace::settleAskTaker()` function mistakenly uses `makerInfo.tokenAddress` to update the `TokenBalanceType.PointToken` in the `userTokenBalanceMap` mapping, leading to a critical error.

Token withdrawal fails until someone manually approves spending

[H-4] The function `PreMarkets::listOffer` charges an incorrect collateral amount, allowing users to manipulating collateral rates and drain the protocol's funds

listOffer maker can settle offer via settleAskMaker() in Turbo settle type.

[Low-01] Missing Access Control in `CapitalPool::approve()` Function Allows any User to call it to set Allowance Amount `TokenContract` to `type(uint256).max`.

`listOffer` Unsafely References Fungible Identifiers

Trade tax and settled collateral amount are not updated in offer struct

Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens

Invalid validation allows users to unlock early

Single plot can be occupied by multiple renters

Invalid validation in _farmPlots function allowing a malicious user repeated farming without locked funds

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal

Players can gain more NFTs benefiting from that past remainder in subsequent locks

Users can farm on zero-tax land if the landlord locked tokens before the LandManager deployment

Funds are `locked` forever in BribeRewarder, when `no` user voted for that pool

Wrong input validation while checking for locked position in Voter.sol

Voting will revert/DoS due to wrong input validation in BribeRewarder::deposit()

Subsequent user receives less reward while claiming in BribeRewarder::claim() due to wrong `_lastUpdateTimestamp`

Malicious user can take advantage of emergencyWithdraw() while voting

Malicious user can `DoS` honest BribeRewarder by `creating` MAX_BRIBES_PER_POOL with very `small` amount

Vultisig whitelisting can be bypassed by anyone

Transfer of ILOPool NFT token to different account allows for users to bypass the pool's `maxCapPerUser` invariant

Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens

Invalid validation allows users to unlock early

Single plot can be occupied by multiple renters

Invalid validation in _farmPlots function allowing a malicious user repeated farming without locked funds

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal

Players can gain more NFTs benefiting from that past remainder in subsequent locks

Users can farm on zero-tax land if the landlord locked tokens before the LandManager deployment

Updating `startBlock` in `SophonFarming::setStartBlock()` leads to wrong rewardPoints calculation

Incorrect withdraw queue balance in TVL calculation

Incorrect calculation of queued withdrawals can deflate TVL and increase ezETH mint rate

Deposits will always revert if the amount being deposited is less than the bufferToFill value

Vesting schedule can't be `revoked` if user has `withdrawn` any stakingToken

`rewardRate` in `ZivoeRewards` can be manipulated

`ApprovedEarner` can still earn `EarnerRate` even after removal from `EARNERS_LIST`

Attacker can frontrun `rewardDistribution` to steal other stakers reward

Burning of a member NFT stops further minting of member NFT

Rewards can be drained because of lack of access control

Users can not remove some amount of collateral from contract because of wrong implementation of "canRemoveCollateral()"

Missing deadline check allow pending transactions to be maliciously executed

Incorrect calculation of amount of EURO to burn during liquidation

Removal of approved token from token manager can lead to unintended liquidation of vaults