LamboFactory can be permanently DoS-ed due to createPair call reversal

Minting zero tokens when underlyingToken is not Ether in cashIn()

Pause and unpause functions are inaccessible

Bypass minting fee in mintBatch function

Collection referrer share is sent to the referrer instead of the collection referrer

Excess minting fee is not refunded to the user

mintBatch function doesn't work as expected

TitlesGraph contract does not strictly follow EIP-712 standard

TWO DIFFERENT TRANSACTIONS CAN RESULT IN THE SAME `txnHash` VALUE THUS BREAKING THE APPROVAL PROCESS OF TRANSACTION MINTING

All bridged funds will be lost for the users using the account abstraction wallet

The `BURNER` cannot burn tokens from accounts not KYC verified due to the check in `_beforeTokenTransfer`.

Incorrect accounting for rewards in mint and increaseLiquidity

Malious users can drain the prize from the winner

Incorrect amounts of ETH are transferred to the DAO treasury in `ERC20TokenEmitter::buyToken()`, causing a value leak in every transaction

Once EntropyRateBps is set too high, can lead to denial-of-service (DoS) due to an invalid ETH amount

The quorumVotes can be bypassed

CultureIndex.sol#dropTopVotedPiece() - Malicious user can manipulate topVotedPiece to DoS the whole CultureIndex and AuctionHouse

Anyone can prolong the time for the rewards to get distributed

Incorrect calculation of pool token for the Balancer stable pool

Incorrect deviation calculation in isDeviatingWithBpsCheck function

Incorrect total supply calculation in Balancer Weighted Pools

Founder loses first NFT due to flawed token ID calculation beyond 100 reserved tokens

Owner cannot withdraw all interest due to wrong calculation of accrued interest in WithdrwaCarry

No slippage protection for Market functions

The price of rsEHT could be manipulated by the first staker

Protocol mints less rsETH on deposit than intended

Update in strategy will cause wrong issuance of shares

Single host can unfairly skip veto period for proposal that does not have full host support

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

Vulnerability in burnToMint function allowing double use of NFT

The RandomizerVRF and RandomizerRNG not produce hash value.

Re-wounding healed agents within the same round

Soft Restricted Staker Role can withdraw stUSDe for USDe

Lenders can escape the blacklisting of their accounts because they can move their MarketTokens to different accounts and gain the WithdrawOnly Role on any account they want

Borrower can drain all funds of a sanctioned lender

`setAnnualInterestBips()` can be abused to keep a market's reserve ratio at 90%

Incorrect decimal usage in score calculation leads to reduced user reward earnings

All tokens can be stolen from `VirtualAccount` due to missing access modifier

Incorrect flag results to _hasFallbackToggled always set to false on createMultipleSettlement.

Message channels can be blocked resulting in DoS

Allocator Can Exceed maxVoiceCreditsPerAllocator Limit

Incorrect Calculation in Voice Credit Allocation

Lack of Support for Fee-on-Transfer Tokens

Minimum Review Threshold Fails to Function Properly

Funding During Distribution Can Skew Allocation Amounts

User Registration Failure When useRegistryAnchor is Enabled

The Restriction Manager does not completely implement ERC1404 which leads to account that are supposed to be restricted actually have access to do with their tokens as they see fit

TWO DIFFERENT TRANSACTIONS CAN RESULT IN THE SAME `txnHash` VALUE THUS BREAKING THE APPROVAL PROCESS OF TRANSACTION MINTING

All bridged funds will be lost for the users using the account abstraction wallet

The `BURNER` cannot burn tokens from accounts not KYC verified due to the check in `_beforeTokenTransfer`.

`fastTrackProposalExecution` doesn't check `intendedRecipient`

accrueInterest is expected to revert when the rate is higher than the maximum allowed rate, which is possible since the utilization can be more than 1

Vault cannot be added back into the vault registry

Malicious users can exploit the auction and make profit when the SetToken is not locked.

In case of stock split and reverse split, the Dshare token holder will gain or loss his Dshare token value

The rebalanceAll function fails due to missing pool with 0.05% fee

No slippage protection when withdrawing and providing liquidity in rebalanceAll

A suspended user can withdraw funds with collusion

_applyFees is not updated before setting manager fee bps

outdated variable is not effective to check price feed timeliness

In case the portfolio makes a loss, the total reserves and reserve ratio will be inflated.

[M-1] Price Oracle contract does not work in Arbitrum and Optimism

Maker can close position without checking utilization rate.

USSD can be minted or burned by anyone without authorization

The swap function is vulnerable to sandwich attacks due to lack of slippage control and deadline

When rebalancing and buying collateral, the DAI collateral is bought even though it should not

Incorrect DAIEthOracle and ethOracle addresses

Incorrect decimal of the DAI/ETH price feed

Redeem function for DAI is not implemented

rebalance function will revert if the DAI collateral amount is less than amountToBuyLeftUSD

Returned values of Chainlink Oracle are not verified

Incorrect `blocksPerYear` constant in `WhitepaperInterestRateModel`

User can exponentially increase the value of their position through the memorializePositions function

Club buyers may lose all players and tokens in escrow

Use safeTransfer instead of transfer

Ineffective heartbeat checking due to inconsistent heartbeat intervals for Oracle price feeds

UniswapPriceAdaptor fails after updating impact

Some positions will get liquidated immediately

Reward accounting is incorrect in BathBuddy contract

DOS of market operations with malicious offers

Fee inclusivity calculations are inaccurate in RubiconMarket

A liquidated position possibly cannot be closed

A temporary issue shows in the staking functionality which leads to the users receiving less minted tokens.

[M-4] Incorrect update of ownerToRollOverQueueIndex index when rollover is already queued

[M-5] Deposit fee can be bypassed by user

[M-6] Rollover queue can be broken by user delisting executed rollover from queue

[M-1] Treasury address could not be changed

[M-2] Vault Factory ownership can be changed immediately and bypass timelock delay

[M-3] Chainlink’s latestRoundData Might Return Stale Results

Updating a pool's total points doesn't affect existing stake positions for rewards calculation

Locking rewards tokens in Staking contract when there are no stakes

[H-01] Liquidation reward can be wrongly calculated because of round.

[H-02] Approve and transferFrom functions of Pool tokens are subject to front-run attack.

[M-01] Free Recipient can be set to address(0)

[H-01] User could drain all the external and internal rewards from the vault

[M-01] Loop through protections is subject to DDOS attack

[H-02] Protection seller could front-run DefaultStateManager to withdraw funds which is supposed to be locked.

[H-03] Protection buyer could front-run the DefaultStateManager to buy protection for the late payment lending pool

[M-04] voucherIndexes is not updated when member cancel the voucher

[H-01] Capture the majority of the prize pool by exploiting the deposit and refund mechanism

[M-02] receivingFunds is subjected to DDOS attacks

[H-01] Management Fee for a vault is charged even when there is no assets under management and subject to manipulation.

ERC4626Cloned deposit and mint logic differ on first deposit

Arbitrary transactions possible due to insufficient signature validation

Attacker can gain control of counterfactual wallet

node operator is getting slashed for full duration even though rewards are distributed based on a 14 day cycle

MultisigManager may not be able to add a valid Multisig

Coding logic of the contract upgrading renders upgrading contracts impractical