LP rewards are accumulated after burning in the redeem flow

Funds may be stored in the wrong contract on depositing liquidity

Execution fee for providing liquidity may be taken from the wrong vault

`tradeCollateralTokenDatas[token].totalCollateral` is never reduced

Keeper pays gas for all withdrawals

Valid redemption proposals can be disputed by decreasing collateral

Closing a SR during a wrong redemption proposal leads to loss of funds

Valid redemption proposals can be disputed when bad debt occurs by applying it to a SR outside of the proposal

Users can win rounds without risking any funds

Whitelised accounts can be forcefully DoSed from buying curveTokens during the presale

Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`

Unauthorized Access to setCurves Function

Protocol and referral fee would be permanently stuck in the Curves contract when selling a token

onBalanceChange causes previously unclaimed rewards to be cleared

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

If a user sets their curve token symbol as the default one plus the next token counter instance it will render the whole default naming functionality obsolete

Rewards can be drained because of lack of access control

Looping over unbounded `pendingStakes` array can lead to permanent DoS and frozen funds

Fees are hardcoded to 3000 in ExactInputSingleParams

Wrong Implementation of `LiquidationPool::empty` excludes holder with pending stakes when decreasing a position, resulting in exclusion from asset distribution

Incorrect calculation of amount of EURO to burn during liquidation

Removing assets in the `TokenManager` leads to major issues

Removal of approved token from token manager can lead to unintended liquidation of vaults

Lack of Minimum Amount Check in `SmartVaultV3::mint`, `SmartVaultV3::burn`, and `SmartVaultV3::swap` Can Result in Loss of Fees

The creation of bad debt (`mark-down` of Credit) can force other loans in auction to also create bad debt

Replay attack to suddenly offboard the re-onboarded lending term

Auction manipulation by block stuffing and reverting on ERC-777 hooks

try-catch does not store the state when it is reverted

Yield in trove is lost when closing a strategy vault

`emergencyPause` does not check the state before running && can cause loss of funds for users

The transfer of ERC-20 tokens with blacklist functionality in process functions can lead to stuck vaults

`emergencyClose()` may fail to repay any debt

Missing minimum token amounts in the emergency contract functions allows MEV bots to take advantage of the protocols emergency situation

Chainlinks oracle feeds are not immutable

Missing fees allow cheap griefing attacks that lead to DoS

Soft Restricted Staker Role can withdraw stUSDe for USDe

Owner of a bad ShortRecord can front-run flagShort calls AND liquidateSecondary and prevent liquidation

Flag can be overriden by another user

Margin callers can drain the TAPP during liquidation by willingly increase gas costs with the shortHintArray

Loss of precision in `twapPriceInEther` due to division before multiplication

Lack of Duplicate ID Check in combineShorts Function

Changes in `dittoShorterRate` affect retroactively to accrued Ditto yield shares

The protocol allows less flags to be generated than possible which could lead to a DoS of the primary liquidation process

Improper precision of strike price calculation can result in broken protocol

The same signature can be used in different `distribution` implementation causing that the caller who owns the signature, can distribute on unauthorized implementations

Blacklisted STADIUM_ADDRESS address cause fund stuck in the contract forever

If a winner is blacklisted on any of the tokens they can't receive their funds

Potential DOS due to Gas Exhaustion Due to Large Array Iteration in `_distribute` Function

DAI Tokens at Risk Due to Lack of address(0) Check in distribute

Tokens with less than 18 decimals allow for draining of funds

Lender contract can be drained by re-entrancy in `setPool`

Borrower can use Refinance to cancel auctions so they can extend their loan indefinitely

During refinance() new Pool balance debt is subtracted twice

[H-04] Lender#buyLoan - Malicious user could take over a loan for free without having a pool because of wrong access control

Using forged/fake lending pools to steal any loan opening for auction

Lender can Sandwich a borrower to seize his collateral

The `borrow` and `refinance` functions can be front-run by the pool lender to set high interest rates

Double checks

Use `==` instead for `<=` for `uints` when comparing for `zero` values

[H-01] Lack of emergency withdraw function when no arbiter is set

Constructor of `Escrow` should make sure that `buyer`, `seller`, `arbiter` are different from each other.

addLiquidity Sandwich Attack for unbalanced token deposits