Yul `call` return value not checked

Attacker may DOS auctions using invalid bid parameters

Variable balance ERC20 support

address.call{value:x}() should be used instead of payable.transfer()

Borrower/Lender excessive ETH not refunded and permanently locked in protocol

Pausing `WardenPledge` contract, which takes effect immediately, by its owner can unexpectedly block pledge creator from calling `closePledge` or `retrievePledgeRewards` function

Protocol withdrawals of collateral can be unexpectedly locked if governance sets the `collateralFactorBps` to 0.

Oracle assumes token and feed decimals will be limited to 18 decimals

Chainlink oracle data feed is not sufficiently validated and can return stale `price`

Missing upper limit definition in replaceLenderFee() of HomeFi.sol

Fund will be stuck if a buyout is started while there are pending migration proposals

Migration: no check that user-supplied `proposalId` and `vault` match

Malicious User Could Burn The Assets After A Successful Migration

Migration.join() and Migration.leave() can still work after unsucessful migration.

`fallback()` function can bypass permission/auth checks imposed in `execute()`

Use of `payable.transfer()` may lock user funds

ORACLE DATA FEED CAN BE OUTDATED YET USED ANYWAYS WHICH WILL IMPACT ON PAYMENT LOGIC

Use a safe transfer helper library for ERC20 transfers

Unhandled chainlink revert would lock all price oracle access

Order duration can be set to 0 by Malicious maker

Overpayment of native ETH is not refunded to buyer

Accumulated ETH fees of InfinityExchange cannot be retrieved

Incorrect condition always bound to fail

Incorrect Adopted mapping on updating wrapper token

Rewards aren't updated before user's balance change in Gauge's withdrawToken