Incorrect handling of `_listings` mapping variable in `Listings.sol#reserve()` function

The owner of LiquidationListing can steal funds from the protocol.

Rounding error when calculating `param.quorumVotes` in `CollectionShutdown` contract

The `shutdownVoters` is not processed in the `CollectionShutdown.sol#cancel()` function.

In the `Listings.sol#relist()` function, `listing.created` is not set to `block.timestamp`.

Incorrect CheckPoint of ProtectedListings created within the same block

Incorrect Logic of Refund mechanism in the `Locker.sol#initializeCollection()` function

Incorrect handling of `created` in `Listings.sol#modifyListings()` function

Missing of the validation for token allowance in the `RedemptionVault.sol#_approveRequest()` function

Incorrectly assigned `decimal1` parameter upon decoding

The maximum number of generations is infinite

Number of entities in generation can surpass the 10k number

Wrong minting logic based on total token count across generations

Excess ETH from `forgingFee` can get stuck in `EntityForging` under certain situations

Discrepancy between nfts minted, price of nft when a generation changes & position of `_incrementGeneration()` inside `_mintInternal()` & `_mintNewEntity()`

Rewards may not be charged when depositing.

The `StakedEXA.sol#harvest()` function can be DoSed.

Users cannot receive reawrds accurately, and the remaining rewards are permanently locked in the contract.

Users do not lose voting power even after the lock duration of the`Staking Position` has expired.

DoS by the Incorrect validation in function `BribeRewarder.sol#_modify()`.

A DoS occurs because the Fee_On_Transfer token is not supported in the `BribeRewarder.sol#fundAndBribe()` function.

A malicious attacker can damage the bribe distribution function at low cost.

Incorrect handling of gauge rewards in `pauseGauge` and `killGaugeTotally` functions of `Voter` contract.

Incorrect withdraw queue balance in TVL calculation

Incorrect calculation of queued withdrawals can deflate TVL and increase ezETH mint rate

Deposits will always revert if the amount being deposited is less than the bufferToFill value

Lack of slippage and deadline during withdraw and deposit

Withdrawals and Claims are meant to be pausable, but it is not possible in practice

`executeWithdraw` may be blocked if any of the users are blacklisted from the `baseToken`

Withdrawals in AccountManager are prone to DOS attacks.

The `TVLHelper.sol#getTVL` function is DOSed by the `under collateralized connector`, and as a result, many parts of the protocol may be DOS.

Attacker can increase the length of `withdrawQueue` by withdrawing 0 amount of tokens frequently

Collateral assets are locked without being transferred to the liquidator in the `LenderCommitmentGroup_Smart.sol#liquidateDefaultedLoanWithIncentive()` function.

Some collateral will be locked in the contract

Issue with Fee Distribution in `FeeManager.sol` Prevents Collection Referrers from Receiving Fees

Denial of Service (DOS) Vulnerability in `Edition.sol#mintBatch()`

User can get their Kerosene stuck because of an invalid check on withdraw

setUnboundedKerosineVault not called during deployment, causing reverts when querying for Kerosene value after adding it as a Kerosene vault

Distribution of `ZVE` Tokens to ITO users is not supplied as intended by the protocol.

Unrestricted Access to `depositReward()` in `ZivoeRewards.sol`

DOS may be occur in function `OCL_ZVE.sol#pushToLockerMulti()`

Wrong leg `chunkKey` calculation in `haircutPremia` function

`DailyLendIncreaseLimitLeft` and `dailyDebtIncreaseLimitLeft` are not adjusted accurately.

Users can lend and borrow above allowed limitations

Any fee claim lesser than the total `yieldFeeBalance` as unit of shares is lost and locked in the `PrizeVault` contract

Lack of Slippage Protection in `withdraw`/`redeem` Functions of the Vault

Unauthorized Access to setCurves Function

Protocol and referral fee would be permanently stuck in the Curves contract when selling a token

onBalanceChange causes previously unclaimed rewards to be cleared

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

If a user sets their curve token symbol as the default one plus the next token counter instance it will render the whole default naming functionality obsolete