updateExtension() lacks permission restrictions

Maliciously specifying a very large intent.price will result in a large gain at settlement, stealing funds

settle() asyncFee is left in the KeepFactory and is not transfer to the keeper.

when ReserveBase undercollateralized , Manager.orders will not be able to execute

_ineligible() redemptionEligible is miscalculated

cancelGroupWithSignature() lacks security checks and can maliciously cancel anyone's signature group

TriggerOrder.notionalValue() Using the wrong latestPositionLocal to calculate the value causes the user to overpay fees

disable_max_lock() may not be disabled

balanceWithLock can be extended indefinitely

exerciseLp/exerciseVe slippage check wrong

Users won't liquidate positions because the logic used to calculate the liquidator's profit is incorrect

When `sellCreditMarket()` is called to sell credit for a specific cash amount, the protocol might receive a lower swapping fee than expected.

Credit can be sold forcibly as `forSale` setting can be ignored via Compensate

Size uses wrong source to query available liquidity on Aave, resulting in borrow and lend operations being bricked upon mainnet deployment

Multicall does not work as intended

withdraw() users may can't withdraw underlyingBorrowToken properly

verify_origin() previous_sender may be forged

when a validator is kicked out of the bonded validator set ,unstake funds will remain in the contract

execute_stake() without setting DistributionMsg::SetWithdrawAddress, partial reward may remain in the contract

If WithdrawAddrEnabled = false, execute_claim() will fail

if Slash Validator occurs, UNSTAKING_QUEUE's unstake amount will not be accurate

is_permissioned() may underflow

is_permissioned() It doesn't make sense to have permissions by default after Blacklisted expires.

claim_batch() last_claimed_release_time is set too large when the balance is not enough

execute_claim() possible loss of accuracy or even inability to retrieve funds

borrow() maliciously let others to enter market

Attacker can steal all fees from SFPM in pools with ERC777 tokens.

`SettleLongPremium` is incorrectly implemented: premium should be deducted instead of added

_updateSettlementPostBurn() may not correctly reduce s_grossPremiumLast[chunkKey]

`_validatePositionList()` does not check for duplicate tokenIds, allowing attackers to bypass solvency checks

initialize() DOS attack by very big l2BlockNumber

OracleVersion will not be invalid

_loadContext() uses the wrong pendingGlobal.

Liquidator/referrer is himself, rewards will be lost

Liquidator can set up referrals for other users

ChainlinkFactory will pay non-requested versions keeper fees

paymaster will refund spentOnPubdata to user

L2SharedBridge l1LegacyBridge is not set

Freezed Chain will never be unfreeze since `StateTransitionManager::unfreezeChain` is calling `freezeDiamond` instead of `unfreezeDiamond`.

exerciseOptionsReceiver() Lack of Ownership Check for oTAP, Allowing Anyone to Use oTAPTokenID

Multiple lzCompose messages did not verify the legality of _srcChainSender

Unupdated totalBorrow After BigBang Liquidation

Unrestricted srcChainSender in USDO.executeModule()

SGL Liquidation Fees be Locked in Penrose

leverageUpReceiver() Missing Security Check for msg_.marketHelper

buyCollateral() does not work properly

sellCollateral() does not work properly

sellCollateral() using incorrect parameters when calling getAsset

sellCollateral() when sell collateral, the quantity parameter passed may too large

rebalance() Permission Control Error

mTOFTReceiver MSG_XCHAIN_LEND_XCHAIN_LOCK unable to execute

Multiple contracts cannot be paused

mTOFT when erc20==address(0) need to pay fees twice

TOFT.exerciseOptionsReceiver may unable to Retrieve TapToken

Balancer using safeApprove may lead to revert.

An attacker possesses the capability to exhaust the entirety of liquidity within the stable swap pools by manipulating the buy function, specifically by setting the asset_in parameter equal to the asset_out parameter

mintViaUnderlying() minImpliedRate may be invalid

wfCashLogic.sol returned eth is locked in the contract

_isExternalLendingUnhealthy() using stale factors

recover() using the standard transfer may not be able to retrieve some tokens

getOracleData() maxExternalDeposit not accurate

getTargetExternalLendingAmount() when targetUtilization == 0 no check whether enough externalUnderlyingAvailableForWithdraw

getTargetExternalLendingAmount() targetAmount may far less than the correct value

Immediate payment of REWARD_TOKEN may block most of nToken's operations

getWeightedPoolTokenPrice() wrongly assumes that all of the weighted pools uses totalSupply

getReservesByCategory() when useSubmodules =true and submoduleReservesSelector=bytes4(0) will revert

Attacker can steal all fees from SFPM in pools with ERC777 tokens.

`SettleLongPremium` is incorrectly implemented: premium should be deducted instead of added

_updateSettlementPostBurn() may not correctly reduce s_grossPremiumLast[chunkKey]

`_validatePositionList()` does not check for duplicate tokenIds, allowing attackers to bypass solvency checks

when reservedUntilTokenId > 100 first funder loss 1% NFT

reinvestReward() generates dust totalPoolClaim causing vault abnormal

Owner cannot withdraw all interest due to wrong calculation of accrued interest in WithdrwaCarry

No slippage protection for Market functions

Users will lose rewards when buying new tokens if they already own some tokens

MultiInvoker closableAmount the calculation logic is wrong

interfaceFee Incorrectly converted uint40 when stored

KeeperOracle callbacks only can set first market and user

vault.claimReward() If have a market without reward token, it may cause all markets to be unable to retrieve rewards.

paymaster will refund spentOnPubdata to user

L2SharedBridge l1LegacyBridge is not set

Freezed Chain will never be unfreeze since `StateTransitionManager::unfreezeChain` is calling `freezeDiamond` instead of `unfreezeDiamond`.

A malicious user can avoid unfavorable score updates after alpha/multiplier changes, resulting in accrual of outsized rewards for the attacker at the expense of other users

All tokens can be stolen from `VirtualAccount` due to missing access modifier

Incorrect flag results to _hasFallbackToggled always set to false on createMultipleSettlement.

addGlobalToken() localAdress could be overwritten

commitRequested() front-run malicious invalid oralce

Cached `DOMAIN_SEPARATOR` is incorrect for tranche tokens potentially breaking permit integrations

onlyCentrifugeChainOrigin() can't require msg.sender equal axelarGateway

TWO DIFFERENT TRANSACTIONS CAN RESULT IN THE SAME `txnHash` VALUE THUS BREAKING THE APPROVAL PROCESS OF TRANSACTION MINTING

The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP

The peg stability module can be compromised by forcing lowerDepeg to revert.

Users can get immediate profit when deposit and redeem in `PerpetualAtlanticVaultLP`

`UniV3LiquidityAMO::recoverERC721` will cause `ERC721` tokens to be permanently locked in `rdpxV2Core`

_curveSwap: getDpxEthPrice and getEthPrice is in wrong order

reLP() mintokenAAmount the calculations are wrong.

`sync` function in `RdpxV2Core.sol` should be called in multiple scenarios to account for the balance changes that occurs

Change of `fundingDuration` causes "time travel" of `PerpetualAtlanticVault.nextFundingPaymentTimestamp()`

Delegated votes are locked when owner lock is expired

When adding a gauge, its initial value has to be set by an admin or all voting power towards it will be lost

`rngComplete` function should only be called by `rngAuctionRelayer`

Missing `deadline` param in `swapExactAmountOut()` allowing outdated slippage and allow pending transaction to be executed unexpectedly.

_computeAvailable() the calculations are wrong

RngRelayAuction.rngComplete() DOS attack

Proposals which intend to send native tokens to target addresses can't be executed

`TemporalGovernor` can be bricked by `guardian`

fund() fee token be locked

settle(address(0)) global overwritten by local

update() wrong privilege control

_claimRewards() Convex rewards may be locked in contracts

queueNewRewards() transferFrom number is wrong

updatePricingInfo() averagePrice calculations are wrong.

_beforeTokenTransfer() Missing call MainRewarder._updateReward

LMPVaultRouter duplicate transfer ETH

_withdraw() idleIncrease might be less

_performLiquidation() not working properly

deposit() may overflow

Resetting delegation will result in user funds being lost forever

`Vault.mintYieldFee` FUNCTION CAN BE CALLED BY ANYONE TO MINT `Vault Shares` TO ANY RECIPIENT ADDRESS

Loss of precision leads to undercollateralized

Number of prize tiers always increases if just 1 canary prize is claimed

Collateral can be locked in BigBang contract when `debtStartPoint` is nonzero

Exercise option cross chain message in the (m)TapiocaOFT will always revert in the destination, losing debited funds in the source chain

Attacker can pass duplicated reward token addresses to steal the reward of contract `twTAP.sol`

Incorrect liquidation reward computation causes excess liquidator rewards to be given

Ability to steal user funds and increase collateral share infinitely in BigBang and Singularity

A user with a TapiocaOFT allowance >0 could steal all the underlying ERC20 tokens of the owner

Tokens can be stolen from other users who have approved Magnetar

twTAP.claimAndSendRewards() will claim the wrong amount for each reward token due to the use of wrong index.

Attacker can prevent rewards from being issued to gauges for a given epoch in TapiocaOptionBroker

`totalCollateralShare` state variable not updated in `Singularity` market upon liquidation, resulting in an error on `addCollateral` with skim functionality

Incorrect `eligibleAmount` for `AirdropBroker` Phase 3

`extractTAP()` function can allow minting an infinite amount in one week, leading to a DoS attack in `emitForWeek()`

`TapiocaOptionLiquidityProvision` causes Loss of Yield when depositing and withdrawing from Singularity - should use shares to track balances

TOFT `exerciseOption` fails due to not passing `msg.value` properly

`StargateStrategy#_currentBalance` calculation is incorrect and may lead to DoS

oTAP::participate - Call will always revert if msg.sender is approved but not owner

A portion of stargate token rewards earned by StargateStrategy are permanently locked in the contract

steal funds with variable decimals of payoutToken

reclaim() can be executed repeatedly

stake() missing set lastEpochClaimed when userBalance equal 0

claimRewards() If a rewards is too small, it may block other epochs

receiver can prevent exercise then force OptionToken to expire

takeEscrow() possible take funds from closed orders

liquidatePartyA() Liquidate DOS

setSymbolsPrice() can use the priceSig from a long time ago

Liquidation missing partyNonces++

LibMuon Signature hash collision

liquidatePositionsPartyA() may underflow

After the liquidation timeout, the corresponding trading is locked forever.

openPosition() need notSuspended() modifier

lockQuote() increaseNonce parameters do not work properly

fillCloseRequest() when CANCEL_CLOSE_PENDING , missing check minAcceptableQuoteValue

`VaultProxy` implementation can be initialized by anyone and self-destructed

Owner in VaultProxy.sol is address(0)

Chainlink's `latestRoundData` may return stale or incorrect result

depositETHOverTargetWeight() malicious modifications poolIdArrayIndexForExcessDeposit

`updatePoolAddress` functions always reverts when updating existing poolId

`pause/unpause` functionnalities not implemented in many pausable contracts

Incorrect flow of adding liquidity in UlyssesRouter.sol

`UlyssesToken` asset ID accounting error

redeem() beforeRedeem using the wrong owner parameter

withdrawProtocolFees() Possible malicious or accidental withdrawal of all rewards

Multiple issues with decimal scaling will cause incorrect accounting of hTokens and underlying tokens

setWeight() Logic error

Rerange/rebalance should not use protocolFee as asset for adding liquidity

ERC4626PartnerManager.sol mints extra `partnerGovernance` tokens to itself, resulting in over supply of governance token

`UlyssesToken.setWeights(...)` can cause user loss of assets on vault deposits/withdrawals

`BribesFactory::createBribeFlywheel` can be completely blocked from creating any Flywheel by a malicious actor

Ulysses omnichain - addbridgeagentfactory in rootPort is not functional

Removing more gauge weight than it should be while transfering ````ERC20Gauges```` token

RestakeToken function is not permissionless

_decrementWeightUntilFree() Possible infinite loop

updatePeriod() less mint HERMES

vMaia Lack of override forfeitBoost

migratePartnerVault() the first vault does not work properly

getPriceFromChainlink() doesn't check If Arbitrum sequencer is down in Chainlink feeds

Chainlink's latestRoundData return stale or incorrect result

Exchange Rate can be manipulated

DOS attack prevents refunding previous bid in Shortfall.sol and malicious bidder always wins the auction

Potential Unjust Liquidation After Exiting Market

placeBid() Possible participation in auctions that have been modified

It is impossible to slash queued withdrawals that contain a malicious strategy due to a misplacement of the ++i increment

swapProfitToCollateralToken() missing cancellation poolAmountAdjustment

decreasePosition() wrong calculation estimatedRemainingCollateralUsd

Incorrect implementation of RecordParser.readKeyValue()

CHALLENGER_REWARD can be used to drain reserves and free mint

[H-06] Double-entrypoint collateral token allows position owner to withdraw underlying collateral without repaying ZCHF

Challenges can be frontrun with de-leveraging to cause lossses for challengers

initializeClone() price calculation should round up

need alternative ways for fund transfer in `end()` to prevent DoS

POSITION LIMIT COULD BE FULLY REDUCED TO ZERO BY CLONES

function `restructureCapTable()` in Equity.sol not functioning as expected

`Factory.create`: Predictability of pool address creates multiple issues.

Loss of funds for traders due to accounting error in royalty calculations

Flash loan fee is incorrect in Private Pool contract

EthRouter can't perform multiple changes

`RubiconMarket._buys` will not work for V1 offers due to the reversion in `cancel` method.

DOS of market operations with malicious offers

A liquidated position possibly cannot be closed

Incorrect calculations can occur when calling `Position._marketBuy` and `Position._marketSell` functions that do not include maker fee in `_fee`

claimCOMPAndTransfer() COMP may be locked into the contract

_redeemMoneyMarketIfRequired() redeem too much money from market

repayAccountPrimeDebtAtSettlement() user lost residual cash

getAccountPrimeDebtBalance() always return 0

A temporary issue shows in the staking functionality which leads to the users receiving less minted tokens.

An attacker can manipulate the preDepositvePrice to steal from other users.

`WstEth` derivative assumes a ~1=1 peg of stETH to ETH

Bio Protocol - `tokenURI` JSON injection

enlistInRollover() wrong set ownerToRollOverQueueIndex

mintDepositInQueue() queue funds may be locked

mintRollovers() incorrect number to _mintShares()

delistInRollover() disrupt the rolloverQueue order

emissionsToken may be remain in the contract

getLatestPrice() possible use stale price

changeTreasury() Lack of check and remove old

ControllerPeggedAssetV2 should use vault's own treasury

triggerEndEpoch() miss check vault.totalAssets() equals 0

mintRollovers() the logic of judging whether to win may wrong

rolloverQueue may lead to GAS OUT risk

deploying contracts with forceDeployOnAddress will break contracts when callConstructor is false

DefaultAccount#fallback lack payable

`LotteryMath.calculateNewProfit` returns wrong profit when there is no jackpot winner

deposit() front-run steal funds

liquidate() Possible loss of precision

Pool may store the fee to address(0)

checkTransaction() can skip minThreshold limt

addToTotalRewards() may be calculation wrong when current period rewards are not set

withdrawalRequest() maybe lost funds in the first period

pullFunds() break should not be used

setDeltaAllocationsInt() in the blacklist revert will cause the other also can not set

Re-balancing the vault allocation may always revert when distributing profits : resulting of a massive system DOS

If the strategy incurs a loss the Active Pool will stop working until the shortfall is paid out entirely

_harvestCore() roi calculation error

createDeposit() steal wnt

executeWithdrawal() minLongTokenAmount/minShortTokenAmount doesn't work

estimateExecuteWithdrawalGasLimit() Missing included gasForSwaps

Malicious seller forced break lockCapital()

claimUnlockedCapital() can be repeatedly claimed

_calculateClaimableAmount() wrong calculate the claimable amount

activeProtectionIndexes OUT_OF_GAS attacks

requestWithdrawal() lack of refresh pool cycle before get cycle index

user may not be able to renewProtection() properly within protectionRenewalGracePeriodInSeconds

malicious expiration leads to refund failure and fund lock

claimTiered() steal bounty

ClaimBounty () If any NFT has refund, it will lead to failure to claim other bounty

not support token: revert on Zero Value Transfers.

deposits OUT_OF_GAS attacks

block claim bounty attacks

nftDepositLimit attack

fundBountyToken() cannot fund token that has been added before

setPayoutScheduleFixed/setPayoutSchedule() can't resize to fewer tiers

Anyone who uses same adapter have ability to pause it

Modifier VaultController._verifyCreatorOrOwner does not work as intented

BeefyAdapter() malicious vault owner can use malicious _beefyBooster to steal the adapter's token

AdpaterBase.harvest should be called before deposit and withdraw

AdapterBase should always use delegatecall to call the functions in the strategy

Malicious Users Can Drain The Assets Of Vault. (Due to not being ERC4626 Complaint)

The calculation of ````takeFees```` in ````Vault```` contract is incorrect

`Vault.redeem` function does not use `syncFeeCheckpoint` modifier

cool down time period is not properly respected for the `harvest` method

VaultController() Missing call DeploymentController.nominateNewDependencyOwner()

Anyone can reset fees to 0 value when Vault is deployed

`Vault::takeFees` can be front run to minimize `accruedPerformanceFee`

Protocol fees can be withdrawn multiple times in `Erc20Quest`

Possible scenario for Signature Replay Attack

Funds can be stuck due to wrong order of operations

Users may not claim Erc1155 rewards when the Quest has ended

User may loose rewards if the receipt is minted after quest end time

ERC20 TRANSFERFROM RETURN VALUES NOT CHECKED

Lender force Loan become default

rollable defaults to true, which may put Lender at risk

`CashManager.setEpochDuration` functions has inconsistent output.

setPendingRedemptionBalance() may cause the user's cash token to be lost

Attacker can take loan for Victim

Lack of StrategyDetailsParam.vault validation allows the borrower to steal all the funds from the vault

Improper validations in Clearinghouse. possible to lock collateral NFT in contract.

ERC4626Cloned deposit and mint logic differ on first deposit

minDepositAmount is unnecessarily high, can price out many users

For a public vault, minimum deposit requirement that is enforced by `ERC4626Cloned.deposit` function can be bypassed by `ERC4626Cloned.mint` function or vice versa when share price does not equal one

LienToken.transferFrom There is a possibility of malicious attack

settleAuction() Check for status errors

_buyoutLien() does not properly validate the liquidationInitialAsk

LienToken._payment function increases users debt

Arbitrary transactions possible due to insufficient signature validation

Attacker can gain control of counterfactual wallet

Borrowers may earn auction proceeds without filling the debt shortfall

PaprController.buyAndReduceDebt: msg.sender can lose paper by paying the debt twice

`PaprController` pays swap fee in `buyAndReduceDebt`, not user

Disabled NFT collateral should not be used to mint debt

MinipoolManager: node operator can avoid being slashed

Hijacking of node operators minipool causes loss of staked funds

ProtocolDAO lacks a method to take out GGP

MinipoolManager: recordStakingError function does not decrease minipoolCount leading to too high GGP rewards for staker

MultisigManager may not be able to add a valid Multisig

State Transition: Minipools can be created using other operator's AVAX deposit via recreateMinipool

Coding logic of the contract upgrading renders upgrading contracts impractical

Admin does not have to wait to call `lastResortTimelockOwnerClaimNFT()`

Users can bypass the `maxWinPercent` limit using a partially closing

Not enough margin pulled or burned from user when adding to a position

StopLoss/TakeProfit should be validated again for the new price in `Trading.executeLimitOrder()`

Governance NFT holder, whose NFT was minted before `Trading._handleOpenFees` function is called, can lose deserved rewards after `Trading._handleOpenFees` function is called

Chainlink price feed is not sufficiently validated and can return stale price

A whale user is able to cause freeze of funds of other users by bypassing withdraw limit

selfdestruct may cause the funds to be lost

`LPDA` price can underflow the price due to bad settings and potentially brick the contract

`saleReceiver` and `feeReceiver` can steal refunds after sale has ended

Sale contracts can be bricked if any other minter mints a token with an id that overlaps the sale

Use of `payable.transfer()` Might Render ETH Impossible to Withdraw

cancel() maybe can't execute

checkOrder() anyone can cancel other people's order

Users in usdc's blocklist will block CrabNetting running.

partialWithdrawFromGauge() can steal other people's token

_updateVirtualPrice() virtualPrice smaller than expected

increaseCollateralAmount() may be unable to prevent liquidation

Malicious Users Can Drain The Assets Of Auto Compound Vault

fee loss in AutoPxGmx and AutoPxGlp and reward loss in AutoPxGlp by calling PirexRewards.claim(pxGmx/pxGpl, AutoPx*) directly which transfers rewards to AutoPx* pool without compound logic get executed and fee calculation logic and pxGmx wouldn't be exe

Deposit Feature Of The Vault Will Break If Update To A New Platform

PirexGmx#migrateReward() may cause users to lose Reward.

resolveQueuedTrades() may use the malicious price

UNSAFE USAGE OF ERC20 TRANSFER AND TRANSFERFROM

resolveQueuedTrades() ERC777 re-enter to steal funds

reclaimContract() malicious causes token loss

transferPosition() cause the order to rematch

withdrawToken() Malicious users can let other user's NFT be locked

withdrawToken() May not be able to retrieve NFT

Giant pools can be drained due to weak vault authenticity check

Incorrect implementation of the ETHPoolLPFactory.sol#rotateLPTokens let user stakes ETH more than maxStakingAmountPerValidator in StakingFundsVault, and DOS the stake function in LiquidStakingManager

Giant pools cannot receive ETH from vaults

Direct theft of buyers ETH funds.

Pool designed to be upgradeable but does not set owner, making it unupgradeable

stake() No limit _unlockTime , can get huge votes

Attacker can steal any funds in the contract by state confusion (no preconditions)

Borrower can close a credit without repaying debt

Borrower can craft a borrow that cannot be liquidated, even by arbiter. 

Whitelisted functions aren't scoped to revenue contracts and may lead to unnoticed calls due to selector clashing

Mistakenly sent eth could be locked

Pledges that contain delisted tokens can be extended to continue using delisted reward tokens

Chainlink oracle data feed is not sufficiently validated and can return stale `price`

withdraw() Logical problem

setPrincipal() for Notional alway fail

Redeemer.sol can't set new fee

mint() wrong pass parameter

WithdrawProxy allows anyone to deposit/mint, resulting in malicious enlargement of shares.

cancelAuction() no refund of the final bid amount

commitToLiens() Execution always fails

buyoutLien() will cause the vault to fail to processEpoch()

Auction#reservePrice maybe less than required

createBid() newDuration miscalculation

new loans "max duration" is not restricted

_payment() maybe overpayment

call() signature replay attack

registerTemplate() can't handle properly when ITemplate version is 0

ApprovalAll event is missing parameters

removeAdapter/removeToken need to cancel approve

updateTrust() vouchers also need check maxVouchers

wrong "unit" setting

contract unavailability attack

Improper escrow configuration can lead to loss of Rewards

Direct theft of buyers ETH funds.

Pool designed to be upgradeable but does not set owner, making it unupgradeable

addPlugin() does not limit duplicate plugins, which can lead to double balances

transfer any amout LINK before first deposit() will result in any subsequent deposits getting shares equal to zero

epochsByBuyer() count error

Wrong accounting logic when syncRewards() is called within beforeWithdraw makes withdrawals impossible

Permanent freeze of vested tokens due to overflow in _baseVestedAmount

Supply cap of VariableSupplyERC20Token is not properly enforced

Can Recover Gobblers Burnt In Legendary Mint

The reveal process could brick if `randProvider` stops working

Depeg event can happen at incorrect price

The settledPrice maybe exceed maximumPrice

Multiple vote checkpoints per block will lead to incorrect vote accounting

Delegation should not be allowed to address(0)

Truncation in casting can lead to a founder receiving all the base tokens

The quorum votes calculations don't take into account burned tokens

A proposal can pass with 0 votes in favor at early DAO stages

Index out of bounds error when properties length is more than attributes length breaks minting

UniV2Controller.sol miss the legal detection of tokensIn

Anyone can pass any proposal alone before first `VOTES` are minted

ERC721Checkpointable: delegateBySig allows the user to vote to address 0, which causes the user to permanently lose his vote and cannot transfer his NFT.

ERROR IN UPDATING **_checkpoint** IN THE **increaseUnlockTime** FUNCTION

Forget to check "Some manifolds contracts of ERC-2981 return (address(this), 0) when royalties are not defined" in 3rd priority - MarketFees.sol

MIMOEmptyVault.sol executeOperation() does not transfer the Vault leftover assets to the owner, it is locked in the MIMOEmptyVault

Builder can call `Community.escrow` again to reduce debt further using same signatures

Project funds can be drained by reusing signatures, in some cases

Interface definition error

Users can create extra ENS records at no cost

Proposal which started buyout which fails is able to settle migration as if its buyout succeeded.

Migration: no check that user-supplied `proposalId` and `vault` match