`Auction.endAuction()` will always revert, locking gathered funds

`Pool.getRedeemAmount` division before multiplication produce lose of precision of USD value backing up leverage tokens

`Distributor.claim()` allow claiming coupon tokens from non successful auctions

Transfer of ILOPool NFT token to different account allows for users to bypass the pool's `maxCapPerUser` invariant

Incorrect withdraw queue balance in TVL calculation

Lack of slippage and deadline during withdraw and deposit

Design flaw and mismanagement in vault licensing leads to double counting in collateral ratios and positions collateralized entirely with kerosine

Liquidation bonus logic is wrong

Rewards can be drained because of lack of access control

Looping over unbounded `pendingStakes` array can lead to permanent DoS and frozen funds

Missing deadline check allow pending transactions to be maliciously executed

Wrong Implementation of `LiquidationPool::empty` excludes holder with pending stakes when decreasing a position, resulting in exclusion from asset distribution

Incorrect calculation of amount of EURO to burn during liquidation

Attackers can mint vaults to a victim to gas grief them

Incorrect `blocksPerYear` constant in `WhitepaperInterestRateModel`

POSITION LIMIT COULD BE FULLY REDUCED TO ZERO BY CLONES

`Factory.create`: Predictability of pool address creates multiple issues.

RubiconMarket: buy() may not take any fee for tokens with low decimal precision

Staking, unstaking and rebalanceToWeight can be sandwiched (Mainly rETH deposit )

Stuck ether when use function `stake` with empty `derivatives`(`derivativeCount` = 0)

Underflow of `lpPosition.points` during withdrawLP causes huge reward minting

DAO.execute(bytes32, Action[], uint256) is vulnerable to re-entrancy attacks

DOS risk if enough tokens are minted in Quest.claim can lead, at least, to transaction fee lost

Reentrancy in buy function for ERC777 tokens allows buying funds with considerable discount

Liquidity providers may lose funds when adding liquidity

BondNFT#extendLock force a user to extend the bond at least for current bond.period

Centralization risks: owner can freeze withdraws and use timelock to steal all funds

Trading#initiateMarketOrder allows to open a position with more margin than expected due to _handleOpenFees wrong calculation when a trade is referred

Front-running admin setPrice call allows a single compromised oracle to set any price, allowing the oracle manipulator to drain all protocol funds

Centralization risk: admin can with rug the project by removing asset and price manipulation on oracle.

Yul `call` return value not checked

call opcode's return value not checked.

address.call{value:x}() should be used instead of payable.transfer()

Borrower/Lender excessive ETH not refunded and permanently locked in protocol

Chainlink oracle data feed is not sufficiently validated and can return stale `price`

Users can avoid paying fees if they manage to update their accrued fees periodically

OlympusGovernance#executeProposal: reentrancy attack vulnerable function

Unsafe casting from int128 can cause wrong accounting of locked amounts

FraxlendPair#setTimeLock: Allows the owner to reset TIME_LOCK_ADDRESS