Withdrawer can drain excess wNXM from the vault at the expense of remaining depositors via Uniswap pool manipulation

`extendDeposit` fails to track new tranches, causing `stakedNxm()` and `totalAssets()` to be skewed

EIP-1155 is broken in `PositionTokens`

Privilege escalation of authorized matchers, who can divert fees and pause trading

Any user can delete pending bucket emissions by staking/unstaking before donations

Any staker will mint past-idle emissions to their chosen bucket, drifting emissions and violating expected timing invariant

Unbalanced deposit fee under-charges large asymmetries, stealing from LPs

Retroactive auto-voting for epochs that already ended is possible.

Maker position creation will be DOSed in some cases for revert on zero tokens.

`NFTManager.tokenURI()` always reverts because `_generateMetadata` reads the wrong storage

A maker reducing liquidity early will freeze JIT penalties in the diamond, affecting protocol revenues

Users can supply rogue `controlTower` address to `migrateFrom` and steal from other users

`zappingProxy.zapProxy` is incompatible with `USDT`

`InflationaryVest` can be drained

Rebalancer can divert funds by choosing an arbitrary receiver, escalating its privileges

A decimal mismatch in `MixedPriceOracleV4` makes the oracle always select `eOracle`, breaking the expected functionality and causing DoS when eOracle is stale

Any rebalancer will permanently block rebalancing on a `dstChainId, token` pair causing inability to rebalance for the protocol

Transfer whitelist check is inverted for `TokenizedShareManager`, breaking the transfer whitelist functionality

Incorrect address of `V3_POS_MGR` on `Base` would break `V3Locker`