For some cross-chain calls, the _toeComposeReceiver of BaseTOFTReceiver and USDOReceiver should check _srcChainSender == data.user

Whitelised accounts can be forcefully DoSed from buying curveTokens during the presale

Attack to make ````CurveSubject```` to be a ````HoneyPot````

Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`

Protocol and referral fee would be permanently stuck in the Curves contract when selling a token

onBalanceChange causes previously unclaimed rewards to be cleared

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

If a user sets their curve token symbol as the default one plus the next token counter instance it will render the whole default naming functionality obsolete

positionMapping for last element in heap is not updated when extracting max element

The quorumVotes can be bypassed

Users staking via the `SurplusGuildMinter` can be immediately slashed when staking into a gauge that had previously incurred a loss

Incorrect calculations in debtCeiling

Malicious borrower can decrease Guild holders reward

PartyGovernance.sol#accept - passThresholdBps isn't cached for each proposal which can lead to problems, if changed through another proposal

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

High - Funds can be lost if any participant is blacklisted

Fixed `i_arbiterFee` can prevent payment

NounsDAOV3Proposals.cancel() should allow to cancel the proposal of the Expired state

If DAO updates forkEscrow before forkThreshold is reached, the user's escrowed Nouns will be lost

`_voteSucceeded()` returns true when `againstVotes > forVotes` and vice versa

Due to inappropriately short `votingPeriod` and `votingDelay`, it is near impossible for the governance to function correctly.

Understatement of `poolTotalPeUSDCirculation` amounts due to incorrect accounting after function `_repay` is called

LybraPeUSDVaultBase.rigidRedemption should use getBorrowedOf instead of borrowed

In over liquidation, if the liquidatee has USDC-denominated assets for sale, the liquidator can buy the assets with USDC to avoid paying USDC to the liquidatee

FlashLoanLiquidate.JOJOFlashLoan has no slippage control when swapping USDC

Anyone can call commitCollateral to submit collateral on behalf of the borrower

The borrower can call commitCollateral to front run the lender and use very little collateral to get the loan

When the lendingToken is USDC, the lender can join the USDC blacklist to prevent the borrower from repaying and thus liquidate the borrower's collateral

setLenderManager may cause some Lenders to lose their assets

Does not support fee-on-transfer tokens as collateral

When there are too many collateral items, unbounded loops in deployAndDeposit and _withdraw can cause gas to be running out and the transaction to fail

lender can front run the liquidator to make the liquidator lose the collateral

CHALLENGER_REWARD can be used to drain reserves and free mint

When the challenge is successful, the user can send tokens to the position to avoid the position's cooldown period being extended

Challenges can be frontrun with de-leveraging to cause lossses for challengers

Later challengers can bid on the previous challenge to extend the expiration time of the previous challenge, so that their own challenge can succeed before the previous challenge and get challenge rewards

No slippage control when minting and redeeming FPS

need alternative ways for fund transfer in `end()` to prevent DoS

function `restructureCapTable()` in Equity.sol not functioning as expected

Some positions will get liquidated immediately

Reward accounting is incorrect in BathBuddy contract

Due to the loss of precision, openPosition will make the user's leverage higher than expected

The last borrowed asset will not be collateralized and the user may be liquidated due to insufficient collateral

When opening a position, the collateral of the previous position is used for borrowing, which makes the user more easily liquidated

RubiconMarket checks slippage incorrectly

BathBuddy contract should implement methods to pause and unpause contract

Fee inclusivity calculations are inaccurate in RubiconMarket

Incorrect fee handling in Position.sol's Market Buy/Sell functions

The curve of short leverage position is not smooth and may cause users to open positions that are different from expectations

Zero reward rate calculation impedes low-decimals token distributions

The return value of buyAllAmount is incorrect

Incorrect calculations can occur when calling `Position._marketBuy` and `Position._marketSell` functions that do not include maker fee in `_fee`

Calling `Position._marketBuy` and `Position._marketSell` functions that calculate `_fee` by dividing by `10000` can cause incorrect calculations

If the underlying NFT is burned, getPFP may returns incorrect results

Carousel.mintRollovers will mint less shares to users, resulting in the loss of users' assets

enlistInRollover will set the ownerToRollOverQueueIndex incorrectly

mintRollovers should require entitledShares >= relayerFee

When finalTVL == 0, the emissionsToken in the vault will be locked

Underflow of `lpPosition.points` during withdrawLP causes huge reward minting

A malicious early user/attacker can manipulate pricePerShare to take an unfair share of future users' deposits

getCurrentState: When converting fee to fee_share, the latest loan_supplied should be used

reconcileSignerCount calls safe.changeThreshold with incorrect parameters

The Hats contract needs to override the ERC1155.balanceOfBatch function

reconcileSignerCount may not update safe's threshold when safe's threshold > traget

The cachedUserRewards in _withdrawUpdateRewardState are calculated incorrectly.

claimFees may cause some external rewards to be locked in the contract

SingleSidedLiquidityVault.withdraw will decreases ohmMinted, which will make the calculation involving ohmMinted incorrect

The contract does not decrease cachedUserRewards but directly increases userRewardDebts when the user claims the reward, which will result in an overflow in internalRewardsForToken/externalRewardsForToken when the user claims the reward next time.

When addInternalRewardToken/addExternalRewardToken re-add previously removed reward tokens, it will prevent users from claiming rewards

In addInternalRewardToken, when startTimestamp_ > block.timestamp, _accumulateInternalRewards will revert due to overflow

Anyone can deposit tokens outside of the whitelist into the bounty, which may result in the winner not be able to claim the prize

claimNft() does not check refunded[_depositId], which will result in the winner not claiming the prize

refundDeposit can be called after the bounty is closed, which prevents the winner of the TieredPercentageBounty from claiming the prize

Incompatible with revert-on-zero-value-transfers tokens

Staking rewards can be drained

Incorrect Reward Duration After Change in Reward Speed in MultiRewardStaking

`MultiRewardStaking.changeRewardSpeed()` breaks the distribution

syncFeeCheckpoint() does not modify the highWaterMark correctly, sometimes it might even decrease its value, resulting charging more performance fees than it should

AdapterBase should always use delegatecall to call the functions in the strategy

`Vault.redeem` function does not use `syncFeeCheckpoint` modifier

Protocol fees can be withdrawn multiple times in `Erc20Quest`

Possible scenario for Signature Replay Attack

Users may not claim Erc1155 rewards when the Quest has ended

User may loose rewards if the receipt is minted after quest end time

Cooler: the lender can liquidate the borrower by refusing to be repaid.

Use safeTransfer/safeTransferFrom consistently instead of transfer/transferFrom

When the interest is 0, roll() may fail

Loss of user funds when completing CASH redemptions

ERC5095 has not approved MarketPlace to spend tokens in ERC5095

When Public Vault A buys out Public Vault B's lien tokens, it does not increase Public Vault A's liensOpenForEpoch, which would result in the lien tokens not being repaid

A malicious private vault can preempt the creation of a public vault by transferring lien tokens to the public vault, thereby preventing the borrower from repaying all loans

Buying out corrupts the slope of a vault, reducing rewards of LPs

ERC4626RouterBase.withdraw can only be called once

When a private vault offers a loan in ERC777 tokens, the private vault can refuse to receive repayment in the safeTransferFrom callback to force liquidation of the borrower's collateral

Users are unable to mint shares from a public vault using `AstariaRouter` contract when share price is bigger than one

`FeeRefund.tokenGasPriceFactor` is not included in signed transaction data allowing the submitter to steal funds

TwapInterval in getPositionValue is too small

PerpDepository: totalFeesPaid calculated incorrectly

No approve spotSwapper in _rebalanceNegativePnlWithSwap

MinipoolManager: recordStakingError function does not decrease minipoolCount leading to too high GGP rewards for staker

NodeOp can get rewards even if there was an error in registering the node as a validator

slashing fails when node operator doesn't have enough staked `GGP`

State Transition: Minipools can be created using other operator's AVAX deposit via recreateMinipool

Bypass `whenNotPaused` modifier

Coding logic of the contract upgrading renders upgrading contracts impractical

Reentrancy in buy function for ERC777 tokens allows buying funds with considerable discount

Liquidity providers may lose funds when adding liquidity

First depositor can break minting of shares

Lock.sol: assets deposited with Lock.extendLock function are lost

Must approve 0 first

GovNFT: maxBridge has no effect

Centralization risks: owner can freeze withdraws and use timelock to steal all funds

Governance NFT holder, whose NFT was minted before `Trading._handleOpenFees` function is called, can lose deserved rewards after `Trading._handleOpenFees` function is called

A whale user is able to cause freeze of funds of other users by bypassing withdraw limit

`PrePOMarket.setFinalLongPayout()` shouldn't be called twice.

Manager can get around min reserves check, draining all funds from Collateral.sol

Sale contracts can be bricked if any other minter mints a token with an id that overlaps the sale

Escher721 contract does not have setTokenRoyalty function

Use of `payable.transfer()` Might Render ETH Impossible to Withdraw

When a smart contract calls CrossChainRelayerArbitrum.processCalls, excess submission fees may be lost

When the tokens sent by the payer to the stream are greater than tokenAmount, the excess tokens can only be withdrawn by calling cancel()

If the recipient is added to the USDC blacklist, then cancel() does not work

Anyone can steal CryptoPunk during the deposit flow to WPunkGateway

Interest rates are incorrect on Liquidation

NTokenMoonBirds Reserve Pool Cannot Receive Airdrops

In `ERC20`, `TotalSupply` is broken

Stealing Wrapped Manifest in WETH.sol

Anyone can create Proposal Unigov Proposal-Store.sol

It's not possible to execute governance proposals through the GovernorBravoDelegate contract

Comptroller uses the wrong address for the WETH contract

Accountant can't be initialized

AccountantDelegate: sweepInterest function will destroy the cnote in the contract.

Note: When _initialSupply ! = 0, the _mint_to_Accountant function will fail

Anyone can call checkOrder to front-run depositAuction/withdrawAuction

USDC banned addresses can DOS netAtPrice/withdrawAuction function

Vault_Synths.openLoan: totalUSDborrowed calculated incorrectly

priceLiquidity() may not work if PriceFeed.aggregator() is updated

Malicious Users Can Drain The Assets Of Auto Compound Vault

Underlying assets stealing in `AutoPxGmx` and `AutoPxGlp` via share price manipulation

DEPOSITOR_ROLE can be granted by the deployer of BribeVault and transfer briber's approved ERC20 tokens to bribeVault by specifying any bribeIdentifier and rewardIdentifier

SafeERC20.sol is imported but not used in the transferBribes() function

Assets may be lost when calling unprotected `AutoPxGlp::compound` function

Deposit Feature Of The Vault Will Break If Update To A New Platform

Anyone can call AutoPxGmx.compound and perform sandwich attacks with control parameters

Users can front-run StakingModule.slash

Use oz's safeERC20 library to transfer tokens.

Not compatible with fee-on-transfer tokens

withdrawToken may not work

Not compatible with fee-on-transfer tokens

function withdrawETH from GiantMevAndFeesPool can steal most of eth because of idleETH is reduced before burning token

Incorrect accounting in SyndicateRewardsProcessor results in any LP token holder being able to steal other LP tokens holder's ETH from the fees and MEV vault.

Sender transferring GiantMevAndFeesPool tokens can afterward experience pool DOS and orphaning of future rewards

Reentrancy vulnerability in GiantMevAndFeesPool.withdrawETH

Old stakers can steal deposits of new stakers in `StakingFundsVault`

Node runners can lose all their stake rewards due to how the DAO commissions can be set to a 100%

When users transfer GaintLP, some rewards may be lost.

Protocol can be easily rug-pulled by the owner

All orders which use expirationTime == 0 to support oracle cancellation are not executable.

Incorrect logic when Staking.unstake is called by the approved user

Governance.queue should increase proposalsPassed instead of proposalsCreated

Too much fee charged when Seaport is partially filled

Denial of service when `baseAmount` is equal to zero

Incompatibility with fee-on-transfer/inflationary/deflationary/rebasing tokens, on both base tokens and quote tokens, with varying impacts

Lender can trade claimToken in a malicious way to steal the borrower's money via claimAndRepay() in SpigotedLine by using malicious zeroExTradeData

Variable balance ERC20 support

address.call{value:x}() should be used instead of payable.transfer()

Borrower/Lender excessive ETH not refunded and permanently locked in protocol

WithdrawPeriphery: withdrawToken/redeemToken allows users to withdraw other users' approved shares

Attacker can manipulate the pricePerShare to profit from future users' deposits

Pausing `WardenPledge` contract, which takes effect immediately, by its owner can unexpectedly block pledge creator from calling `closePledge` or `retrievePledgeRewards` function

Due to loss of precision, targetVotes may not reach

Owner can transfer all ERC20 reward token out using function recoverERC20

User can free from liquidation fee if its escrow balance is less than the calculated liquidation fee.

Chainlink oracle data feed is not sufficiently validated and can return stale `price`

premium will not be refunded in lend() for Swivel

The unpaused modifier should be added to authRedeem and autoRedeem

Users can provide Illuminate principal tokens to mint Illuminate principal tokens, which will reduce the number of underlying tokens redeemed by all users

Incorrect slippage control in ERC5095.mint

protocolFee/buyoutFee cannot be set

The supply of NFT for each tokenID in ERC1155NFTProduct cannot be modified after the first minting

NFTCollection: No limit on royaltiesBps

Bond tokens (HLG) can get permanently stuck in operator

`_payoutToken[s]()` is not compatible with tokens with missing return value

Outstanding reserved tokens are incorrectly counted in total redemption weight

Making a payment to the protocol with `_dontMint` parameter will result in lost fund for user.

NFT not minted when contributed via a supported payment terminal

Borrowers can borrow to update vouch.lastUpdated before the loan is overdue, thus avoiding the staked tokens from being frozen

AssetManager.withdraw may not withdraw the correct amount of tokens

Transfering funds to yourself increases your balance

Incorrect output amount calculation for Trader Joe V1 pools

Wrong calculation in function `LBRouter._getAmountsIn` make user lose a lot of tokens when swap through JoePair (most of them will gifted to JoePair freely)

Governor can rug pull the escrow

Protocol can be easily rug-pulled by the owner

All orders which use expirationTime == 0 to support oracle cancellation are not executable.

First depositor can break minting of shares

Chainlink's latestRoundData might return stale or incorrect results

Malicious users can provide liquidity on behalf of others to keep others in the liquidity cooldown

Centralization risk: admin have privileges: admin can set address to mint any amount of frxETH, can set any address as validator, and change important state in frxETHMinter and withdraw fund from frcETHMinter

sfrxETH: The volatile result of previewMint() may prevent mintWithSignature from working

Supply cap of VariableSupplyERC20Token is not properly enforced

Can Recover Gobblers Burnt In Legendary Mint

Not compatible with Rebasing/Deflationary/Inflationary tokens

Using the transferFrom function of an ERC721 contract may freeze the user's NFT

withdrawPayments() calls native payable.transfer, which can be unusable for smart contract calls

User fund lost because they can't withdraw() their funds before epoch startTime and they have to stuck in positions that become unprofitable even when epoch is not started

`timewindow` can be changed unexpectedly that blocks users from calling `deposit` function

StakingRewards: recoverERC20() can be used as a backdoor by the owner to retrieve rewardsToken

StakingRewards.sol#notifyRewardAmount() Improper reward balance checks can make some users unable to withdraw their rewards

StakingRewards reward rate can be dragged out and diluted

After the vault expires, users may still receive rewards through the StakingRewards contract

AuctionCrowdfund: If the contract was bid on before the NFT was gifted to the contract, lastBid will not be totalContributions

Attacker can force AuctionCrowdfunds to bid their entire contribution up to maxBid

Early contributor can always become majority of crowdfund leading to rugging risks.

A malicious user can send tokens to the TribeRedeemer contract to make the redeem function work, and other users may lose assets as a result

Hackers can deploy token with respective name as the stable one to impersonate the stable token

Multiple vote checkpoints per block will lead to incorrect vote accounting

A proposal can be cancelled by anyone if the proposal has exactly proposalThreshold votes

Founders can receive less tokens that expected

A proposal can pass with 0 votes in favor at early DAO stages

Quorum votes have no effect for determining whether proposal is defeated or succeeded when token supply is low

LEther: beforeDeposit()/beforeWithdraw() should be called at the beginning of depositEth()/redeemEth()

Chainlink's latestRoundData might return stale or incorrect results

Voted votes cannot change after the user are issued with new votes or the user's old votes are revoked during voting

OlympusGovernance: Users can prevent their votes from being revoked

Heart will stop if all rewards are swept

[NAZ-M1] Chainlink's `latestRoundData` Might Return Stale Results

ERC721Checkpointable: delegateBySig allows the user to vote to address 0, which causes the user to permanently lose his vote and cannot transfer his NFT.

The current implementation of the VotingEscrow contract doesn't support fee on transfer tokens

`liquidate()` doesn't mark off bad debt, leading to a 'last lender to withdraw looses' scenario

Wrong percent for `FraxlendPairCore.dirtyLiquidationFee`.

NFT of NFT collection or NFT drop collection can be locked when calling _mint or mintCountTo function to mint it to a contract that does not support ERC721 protocol

Possible to bypass saleConfig.limitPerAccount

Registry.sol works bad - it fails to delivere expected functionality

Malicious targets can manipulate MIMOProxy permissions

Builder can call `Community.escrow` again to reduce debt further using same signatures

In Project.setComplete(), the signature can be reused when the first call is reverted for some reason.

Missing upper limit definition in replaceLenderFee() of HomeFi.sol

unpaused(p) modifier missing in authRedeem function

transfer() depends on gas consts

The `unwrapETH2LD` use `transferFrom` instead of `safeTransferFrom` to transfer ERC721 token

Renew of 2nd level domain is not done properly

Forced buyouts can be performed by malicious buyers

Cash-out from a successful buyout allows an attacker to drain Ether from the `Buyout` contract

Malicious User Could Burn The Assets After A Successful Migration

An attacker can DoS vault's buyout with as little as 1 wei per 4 days

Delegate call in `Vault#_execute` can alter Vault's ownership

Use of `payable.transfer()` may lock user funds

ORACLE DATA FEED CAN BE OUTDATED YET USED ANYWAYS WHICH WILL IMPACT ON PAYMENT LOGIC

Grieffer beneficiary can cause DOS

Use a safe transfer helper library for ERC20 transfers

Code credits fee-on-transfer tokens for amount stated, not amount transferred

changeTokenOf makes it impossible for holders of oldToken to redeem the overflowed assets.

JBToken: mint function could mint arbitrary amount of tokens

Order duration can be set to 0 by Malicious maker

An attacker can create a short put option order on an NFT that does not support ERC721(like cryptopunk), and the user can fulfill the order, but cannot exercise the option

`fillOrder()` and `exercise()` may lock Ether sent to the contract, forever

Malicious Token Contracts May Lead To Locking Orders

AccountantDelegate: The sweepInterest function sweeps an incorrect number of cnote.

Stableswap - Deadline do not work

NibblVault: In the buy function, users can avoid paying fees

Basket NFT have no name and symbol

`Staking.sol#stake()` DoS by staking 1 wei for the recipient when `warmUpPeriod > 0`

Staking: the rebase function needs to be called before calling the function in the Yieldy contract that uses the rebasingCreditsPerToken variable

No way to set CURVE_POOL approval after setting new curve pool address

Staking: rebase() does not rebase according to the status of the current epoch.

Redeemer.redeem() for Element withdraws PT to wrong address.

Tempus lend method wrongly calculates amount of iPT tokens to mint

ERC5095 redeem/withdraw does not update allowances

Incorrect implementation of APWine and Tempus `redeem`

Unable to redeem from Notional

The lend function for tempus uses the wrong return value of depositAndFix

Illuminate PT redeeming allows for burning from other accounts

[H-05] Not minting iPTs for lenders in several lend functions

Pendle Uses Wrong Return Value For `swapExactTokensForTokens()`

Swivel lend method doesn't pull protocol fee from user

Lend method signature for illuminate does not track the accumulated fee

[M-01] Easily bypassing admins 'pause' for swivel

`Lender.mint()` May Take The Illuminate PT As Input Which Will Transfer And Mint More Illuminate PT Cause an Infinite Supply

`_harvest` has no slippage protection when swapping `auraBAL` for `AURA`

Badger rewards from Hidden Hand can permanently prevent Strategy from receiving bribes

Overpayment of native ETH is not refunded to buyer

Accumulated ETH fees of InfinityExchange cannot be retrieved

Protocol fee rate can be arbitrarily modified by the owner and the new rate will apply to all existing orders

ETH mistakenly sent over with ERC20 based takeOrders and takeMultipleOneOrders calls will be lost

In `ERC20`, `TotalSupply` is broken

Stealing Wrapped Manifest in WETH.sol

Anyone can create Proposal Unigov Proposal-Store.sol

It's not possible to execute governance proposals through the GovernorBravoDelegate contract

Comptroller uses the wrong address for the WETH contract

Accountant can't be initialized

AccountantDelegate: sweepInterest function will destroy the cnote in the contract.

Note: When _initialSupply ! = 0, the _mint_to_Accountant function will fail

Misconfiguration of Fees Incentive Might Cause Tokens To Be Stuck In `Booster` Contract

Malicious user can populate `rewards` array with tokens of their interest reaching limits of `MAX_REWARD_TOKENS`

VeloGovernor: proposalNumerator and team are updated by team, not governance

RubiconRouter: Offers created through offerWithETH() can be cancelled by anyone

RubiconRouter: Offers created through offerForETH cannot be cancelled

First depositor can break minting of shares

RubiconRouter: Excess ether did not return to the user

No cap on fees can result in a DOS in BathToken.withdraw()

Use `safeTransfer()`/`safeTransferFrom()` instead of `transfer()`/`transferFrom()`

Use `call()` instead of `transfer()` when transferring ETH in RubiconRouter

The check for value transfer success is made after the return statement in _withdrawFromYieldPool of LidoVault

Possible lost msg.value

Duplicate LP token could lead to incorrect reward distribution

ConvexMasterChef: When using add() and set(), it should always call massUpdatePools() to update all pools

ConvexMasterChef: When _lpToken is cvx, reward calculation is incorrect

ConvexMasterChef: safeRewardTransfer can cause loss of funds

Use safeTransferFrom instead of transferFrom for ERC721 transfers

Vault is Not Compatible with Fee Tokens and Vaults with Such Tokens Could Be Exploited

User's may accidentally overpay in `buyOption()` and the excess will be paid to the vault creator

AutoleverageBase: Must approve 0 first

SpeedBumpPriceGate: Excess ether did not return to the user

amount requires to be updated to contract balance increase (1)

Missing check in the updateValset function

Protocol doesn't handle fee on transfer tokens

Use of `.send()` May Revert if The Recipient's Fallback Function Consumes More Than 2300 Gas

Chainlink pricer is using a deprecated API

_depositAmount requires to be updated to contract balance increase

SuperVault's leverageSwap and emptyVaultOperation can become stuck

The return value `success` of the get function of the INFTOracle interface is not checked

Critical Oracle Manipulation Risk by Lender

Chainlink's latestRoundData might return stale or incorrect results

`call()` should be used instead of `transfer()` on an `address payable`

ERC20Gauges: The _incrementGaugeWeight function does not check the gauge parameter enough, so the user may lose rewards.

IndexLogic: An attacker can mint tokens for himself using assets deposited by other users

Chainlink's latestRoundData might return stale or incorrect results

StakedCitadel doesn't use correct balance for internal accounting

StakedCitadel: wrong setupVesting function name

[WP-H3] `saleRecipient` can rug buyers

New vest reset `unlockBegin` of existing vest without removing vested amount

KnightingRound tokenOutPrice changes

When _lpToken is jpeg, reward calculation is incorrect

Chainlink pricer is using a deprecated API

Unsupported fee-on-transfer tokens

Not calling `approve(0)` before setting a new approval causes the call to revert when used with Tether (USDT)

Protocol doesn't handle fee on transfer tokens

Splitter: Anyone can call incrementWindow to steal the tokens in the contract

Users at UNSTAKE_PERIOD can assist other users in unstaking tokens.

cooldown is set to 0 when the user sends all tokens to himself.

`AnyswapFacet` can be exploited to approve arbitrary tokens.

LibSwap: Excess funds from swaps are not returned

A whale user is able to cause freeze of funds of other users by bypassing withdraw limit

`PrePOMarket.setFinalLongPayout()` shouldn't be called twice.

Manager can get around min reserves check, draining all funds from Collateral.sol

COLLATERAL_MINTER_ROLE can be granted by the deployer of QuantConfig and mint arbitrary amount of tokens

Usage of deprecated Chainlink functions

Incorrect implementation of Lender can result in lost tokens

`sharesToTokenAmount`: Division by zero

Owners have absolute control over protocol

SendValueWithFallbackWithdraw: withdrawFor function may fail to withdraw ether recorded in pendingWithdrawals

`adminAccountMigration()` Does Not Update `buyPrice.seller`

BURNER_ROLE can burn any amount of EthErc20 from an arbitrary address

transferredAmount on mainnet can be drained if a malicious account can mint more tokens on Schain

Liquidations can be run on the bogus Oracle prices

TurboRouter: deposit(), mint(), createSafeAndDeposit() and createSafeAndDepositAndBoost() functions do not work

Malicious Users Can Drain The Assets Of Auto Compound Vault

Underlying assets stealing in `AutoPxGmx` and `AutoPxGlp` via share price manipulation

DEPOSITOR_ROLE can be granted by the deployer of BribeVault and transfer briber's approved ERC20 tokens to bribeVault by specifying any bribeIdentifier and rewardIdentifier

SafeERC20.sol is imported but not used in the transferBribes() function

Assets may be lost when calling unprotected `AutoPxGlp::compound` function

Deposit Feature Of The Vault Will Break If Update To A New Platform

Anyone can call AutoPxGmx.compound and perform sandwich attacks with control parameters

[WP-M1] Inappropriate handling of `referralFee` makes collecting Mirror fails without error when `referrerProfileId` is burned

StakedCitadel doesn't use correct balance for internal accounting

StakedCitadel: wrong setupVesting function name

[WP-H3] `saleRecipient` can rug buyers

New vest reset `unlockBegin` of existing vest without removing vested amount

KnightingRound tokenOutPrice changes

Wrong reward token calculation in MasterChef contract

Repeated Calls to Shelter.withdraw Can Drain All Funds in Shelter

Oracle data feed is insufficiently validated.

Double transfer in the `transferAndCall` function of `ERC677`

Use safeTransfer/safeTransferFrom consistently instead of transfer/transferFrom

[WP-M1] `BURNER_ROLE` can burn any amount of L2LivepeerToken from an arbitrary address

deposit() function is open to reentrancy attacks

Vaults with non-UST underlying asset vulnerable to flash loan attack on curve pool

The reentrancy vulnerability in _safeMint can allow an attacker to steal all rewards

`VaderPoolV2` minting synths & fungibles can be frontrun

buyAndSwap1155WETH() function may cause loss of user assets

The return value of the _sendForReceiver function is not set, causing the receiver to receive more fees

Malicious receiver can make distribute function denial of service