FULL-Restricted Staker Can Still Stake by Depositing to an Unrestricted Receiver

Same heartbeat for multiple price feeds is vulnerable

Consensus Threshold Bypass via Duplicate Signer Entries

Incorrect Indexing in `DepositQueue.cancelDepositRequest()` Corrupts Fenwick-Tree Accounting

Transfer-Whitelist Logic Inversion in `ShareManager.updateChecks`

Missing Slippage Protection in `PendlePT_sUSDe._executeInstantRedemption` Enables Sandwich Attacks

Hard-Coded Mainnet WETH Address Breaks All Non-Mainnet Deployments

Zero-Cooldown Withdrawals in EthenaWithdrawRequestManager Permanently Strand Users’ USDe

Early 72-digit adjustment in sqrt will lead to incorrect result exponent calculation

MergeTgt has no handling if TGT_TO_EXCHANGE is exceeded during the exchange period

Incorrect Token Price Validation in KeeperProxy

Creator of one vesting plan can affect vesting plans created by other users.

BuyerAgent Batch Purchase Failure Due to Asset Transfer or Approval Revocation

Potential Uninitialized `entropySlots` Reading in `getNextEntropy`, Causing 0 Entropy Mint

V3Oracle susceptible to price manipulation

Fixed Amount of Gas Sent in Call May Be Insufficient.

Anyone can update the address of the Router in the DcntEth contract to any address they would like to set.