Incorrect check will DOS adding liquidity for balancer pool from locked SYMM amounts

Rewards distribution duration can be doubled and rate almost halved because of constant reset duration attack

Treasury Contract Deposit Function Can Be Frontrun To Deny Protocol Operations

Fee-on-transfer token handling issue in `Treasury::deposit` leads to permanent fund loss

Multiple Token Management Lets Withdraw a Token Different than Deposited Token

Boost calculator does not incorporate time weighted averages in its calculation

Minting bond tokens during the Auction will not leave enough coupon tokens for every user to claim

Blacklisted addresses can DOS the auction

Auction can be failed repeatedly reliably by an Attacker by bidding high reserve amount

Auction pool sale limit fails to consider the amount of fees owed

Users can claim more that their actual allotment

Incorrect referral fee calculations

Listing potential can not be purchased with discounted price

Minting zero tokens when underlyingToken is not Ether in cashIn()

Since the cost of launching a new pool is minimal, an attacker can maliciously consume VirtualTokens.

User loses more deposit value because of incorrect fee calculation

Attacker will de-list entries to borrowOrders factory

Attacker will de-list lend offers in LendOfferFactory

Bonds created in year cross epoch's can lead to lost payouts

Incorrect Handling of Last Nominee Removal in `removeNominee` Function

Invalid validation allows users to unlock early

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

Minter / Staker / Spender roles can never be revoked`..,

User can evade `liquidation` by depositing the minimum of tokens and gain time to not be liquidated

Unauthorized Access to setCurves Function

Protocol and referral fee would be permanently stuck in the Curves contract when selling a token

Bonds created in year cross epoch's can lead to lost payouts

Incorrect Handling of Last Nominee Removal in `removeNominee` Function

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime