Protocol is printing free unbacked money(YUSD) instead of taking redemption fees.

Incorrect Total Assets Calculation in _harvestAndReport Leading to Share Value Manipulation and Irredeemable Assets

not adding `claimable` balance to the total assets in `_harvestAndReport` can cause losses.

Even after execute has been called, an attacker can reset canExecute to true and cancle to delete the collection which will DOS users claims.

No function for voters to reclaim their collectionTokens incase the shutdown process was canceled before being executed.

ETH will be drained from the CollectionShutdown contract because CollectionShutdownParams.quorumVotes is not compatible with collectionTokens that have 7,8 or 9 denominations i.e. 1e27 decimals.

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

TokenManager - Unlimited withdraw

Taker of bid offer will loss assets without any benefit if he calls the DeliveryPlace::settleAskMaker() for partial settlement.

`DeliveryPlace::settleAskTaker` Has Incorrect Access Control

Formulaic Error Rounds Down Causing Total Loss Of Funds For Bid Takers During Abort

The `DeliveryPlace::settleAskTaker()` function mistakenly uses `makerInfo.tokenAddress` to update the `TokenBalanceType.PointToken` in the `userTokenBalanceMap` mapping, leading to a critical error.

listOffer maker can settle offer via settleAskMaker() in Turbo settle type.

Missing abort status check allows bid taker to steal users funds

PreMarkets - Unable to withdraw platform rewards

High risk of griefing attack during settlement period in Protected mode

Malicious actor can abuse the minimum shares check in `StakingLPEth` and cause DoS or locked funds for the last user that withdraws

Future stakers are paid with rewards that have been accrued from the past due to miscalculation in userRewardPerTokenPaid and _perTokenReward.

Not upadting `_totalAuctionTokenAllocation` when removing last auction config at cooldown leads to wrong accounting of `_totalAuctionTokenAllocation` and permanent lock of auction tokens

Auction tokens cannot be recovered for the first ever spice auction

Users won't liquidate positions because the logic used to calculate the liquidator's profit is incorrect

When `sellCreditMarket()` is called to sell credit for a specific cash amount, the protocol might receive a lower swapping fee than expected.

Fragmentation fee is not taken if user compensates with newly created position

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

Anyone can decrease the rewardRate and increase the periodFinish for all the reward tokens.

Revoking a user can lead to miscalculations in rewards and DOS for the last users to withdraw.

Integration issue in ousgInstantManager with BUILD if minUSTokens is set by blackrock.

Any fee claim lesser than the total `yieldFeeBalance` as unit of shares is lost and locked in the `PrizeVault` contract

Rewards can be drained because of lack of access control

Anyone with TST tokens can monitor the mempool and frontrun mint/burn functions to get EUROs rewards without even staking.

Lack of Minimum Amount Check in `SmartVaultV3::mint`, `SmartVaultV3::burn`, and `SmartVaultV3::swap` Can Result in Loss of Fees

Incorrect value returned by position() function

The userGaugeProfitIndex is not set correctly, allowing an attacker to receive rewards without waiting

Users staking via the `SurplusGuildMinter` can be immediately slashed when staking into a gauge that had previously incurred a loss

Wrong ProfitManager in GuildToken, will always revert for other types of gauges leading to bad debt

The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP

The peg stability module can be compromised by forcing lowerDepeg to revert.

`++i`/`i++` should be `unchecked{++i}`/`unchecked{i++}` when it is not possible for them to overflow, as is the case when used in `for`- and `while`-loops

Constructor of `Escrow` should make sure that `buyer`, `seller`, `arbiter` are different from each other.

asui