unsynced `staked` value when unbond open for DOS

Not using a more precise YEAR value, like AZERO staking

`NominationAgent` contract lack of transfer admin function

Lack of total outstanding rewards in the contract which can prevent any unclaimed reward mistakenly removed

`setValidatorAddress` will not be usable in the long run due to `unstakings` array will eventually reach 300 array length

`sharesToBurn` on redeeming rewards doesn't rounding up, which tend towards favoring validators and Covalent slowly loosing the CQT

burn will remove last `tokenId` balance, resulting user who own last `tokenId` can't claim their balance

Checking whether account safe is not using correct rate on JUSDBank withdraw function

Possible DoS happening when gauge weight is changing due to underflow of `pt.slope -= d_slope`

Incorrect calculations for Surplus Auction creation cause massive surplus imbalances

Test addresses and incorrect interface in code prevent integration with UniswapV3 and Camelot

```trancheTokenAmount``` should be rounded UP when proceeding to a withdrawal or previewing a withdrawal.

ETH cannot always be unstaked using Rocket Pool

Instant arbitrage opportunity through rETH and stETH price discrepancy

Missing minimum and maximum deposit checks for bridge contract interactions

A turned solvent Party A, moreover in a case where one partyA's position has positive pnl and the amount is greater than `partyBAllocatedBalances`, the diff is omitted

AuraSpell `openPositionFarm` will revert when the tokens contains `lpToken`

AuraSpell close position open for slippage issue due to `minAmountsOut` is 0, no deadline check and the ClosePosParam's `amountOutMin` value is ignored

`totalIdle` may updated wrongly due to uncounted asset rewards from burned shares, affecting rebalance and resulting untracked asset

`queueNewRewards` contains wrong logic, resulting double transfer

Escrow amount balance is not decreased after `fillOrder` in `DirectBuyIssuer`

Price calculation using `slot0` is susceptible to flashloan exploits

`Multipool` use hard-coded assumption that the pool will always have 0.05% fee pool is danger for an edge case

No check if L2 sequencer is down in Chainlink feeds

Wrong assignment of `cumulativeBid` for RangeOrder state in getRangeOrderState function

Canceling quote or expiring a quote will be reverted because changes of `feeCollector`

Chainlink's latestRoundData might return stale or incorrect results

Oracle is not checking for sequencer uptime when IronBank deployed on Arbitrum

`PriceOracle.getPriceFromChainlink()` will return the incorrect price for asset if underlying aggregator hits `minAnswer` or `maxAnswer`

The return data of the `Invoke` function is not properly verified when using the Transfer and Approve ERC20 functions.