BoostedCore lack functions to invoke incentive#clawback and incentive#drawRaffle function

Both block.prevrandao and block.timestamp are not reliably source of randonness

claimRoyalties in InfernalRiftBelow.sol lack access control

User lose fund when vote after the shutdown is canceled

Should not use of tx.origin track user address

Not handling the failure of cross chain messaging

Lack of slippage and deadline during withdraw and deposit

L1::xRenzoBridge and L2::xRenzoBridge uses the block.timestamp as dependency, which can cause issue.

Withdrawals and Claims are meant to be pausable, but it is not possible in practice

`BalancerConnector::_getPositionTVL` is calculated incorrectly

`executeWithdraw` may be blocked if any of the users are blacklisted from the `baseToken`

It is possible to open insolvent position is Silo connector, due to missing check in borrow function

The `TVLHelper.sol#getTVL` function is DOSed by the `under collateralized connector`, and as a result, many parts of the protocol may be DOS.

In the BalancerConnector, unclaimed rewards are not included in the calculation of the connectors TVL

Balancer flashloan contract can be DOSed completely by sending 1 wei to it

`depositQueue.queue` in `AccountingManager` can be flooded causing a DoS

No function to claim the reward in `PancakeswapConnector`.

`PendlingConnector::depositIntoMarket()` `PendlingConnector::burnLP()` and are missing slippage control parameters.

Mulptile dispute game may leads to race condition and lack of input validation from l2 block number

Taiko L1 - Proposer can maliciously cause loss of funds by forcing someone else to pay prover's fee

Signatures can be replayed in `withdraw()` to withdraw more tokens than the user originally intended.

retryMessage unable to handle edge cases.

There is no slippage check for the eth deposits processing in the `LibDepositing.processDeposits`

Malicious caller of `processMessage()` can pocket the fee while forcing `excessivelySafeCall()` to fail

lack of market helper address validation allows theft of fund

Fully exercise option to receive fully eligible amount via TOFTOptionsReceiverModule may result in loss of fund

Owner check logical should use && instead of || when rebalancing

Share computing for reward distribution is incorrect

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

Constraints of dailyAllowanceReplenishTime and allowanceRemaining during mint() can be bypassed by using alias accounts & safeTransferFrom()

DoS in `MergingPool::claimRewards` function and potential DoS in `RankedBattle::claimNRN` function if called after a significant amount of rounds passed.

SubAccount operator steal funds via the gas refund mechanism.

if the Virtual Account's owner is a Contract Account (multisig wallet), attackers can gain control of the Virtual Accounts by gaining control of the same owner's address in a different chain

All tokens can be stolen from `VirtualAccount` due to missing access modifier

```trancheTokenAmount``` should be rounded UP when proceeding to a withdrawal or previewing a withdrawal.

CreateOfferer.sol should not enforce the nonce incremented sequentially, otherwise user can DOS the contract by skipping order

All bridged funds will be lost for the users using the account abstraction wallet

Fully slashed transcoder can vote with 0 weight messing up the voting calculations

The logic in _handleVoteOverride to determine if an account is transcoder is not consistent with the logic in the BondManager.sol

The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP

The peg stability module can be compromised by forcing lowerDepeg to revert.

Missing slippage parameter on Uniswap `addLiquidity()` function

`sync` function in `RdpxV2Core.sol` should be called in multiple scenarios to account for the balance changes that occurs

No slippage protection for bonders

lack of access control in LendingLedger.sol#checkpoint_lender and function checkpoint_market

Mav oracle LP price can be manipulated

Malicious user can claim the reward for contract to make the user lose convex reward

Balancer reentrancy check waste too much gas and can revert transaction in out of gas error

Malicious / delayed tellor price feed data can be consumed before it get disputed and removed

Swell eth oracle can be maipulated by third party easily

curve admin can drain pool via reentrancy (equal to execute emergency withdraw and rug tokenmak fund by third party)

TOFT and USDO Modules Can Be Selfdestructed

`LidoEthStrategy._currentBalance` is subject to price manipulation, allows overborrowing and liquidations

Ability to steal user funds and increase collateral share infinitely in BigBang and Singularity

[HB10] `AaveStrategy.sol`: Changing swapper breaks the contract

BigBang and Singularity should not pause repay() and liquidate()

In case of Loss to the Yearn Vault, the Contract will stop working until the loss is repaid

Oracle is susceptible to manipulation if deployed on Optimism

all deposit and withdraw function in Convex and Curve nativeLP Strategy, apply slippage on internal pricing; which call real-time on chain price from Curve directly and subject to MEV

BigBang/Singularity::sellCollateral - Surplus of collateral with regards to repay amount is never returned to user

AaveStragety#withdraw and emergecyWithdraw can revert if the supply cap is reached or isFrozen flag is on when compounding

Loss of COMP reward in CompoundStragety.sol

Compounding mechanism is broken/flawed in ConvexTricryptoStrategy

mTapiocaOFT can't be rebalanced because the Balancer in tapiocaz-audit calls swapETH() or swap() of the RouterETH but does not forward ether for the message fee

`_getDiscountedPaymentAmount` doesn't work for tokens with more than 18 decimals

All fund from Teller contract can be drained because a malicious receiver can call reclaim repeatedly

All funds can be stolen from FixedStrikeOptionTeller using a token with malicious decimals

Blocklisted address can be used to lock the option token minter's fund

Loss of option token from Teller and reward from OTLM if L2 sequencer goes down

Use A's staked token balance can be used to mint option token as reward for User B if the payout token equals to the stake token

IERC20(token).approve revert if the underlying ERC20 token approve does not return boolean

Division before multiplication result in loss of token reward if the reward update time elapse is small

FixedStrikeOptionTeller: create can be invoked when block.timestamp == expiry but exercise reverts

OTLM: Stakers unable to claim their rewards

Bypass the blacklist restriction because the blacklist check is not done when minting or burning

Escrow record not cleared on cancellation and order fill

Cancellation refunds should return tokens to order creator, not recipient

No slippage protection and deadline check when swapping

Does not validate price freshness when using the oracle price, allowing stale oracle price to be used

Wrong oracle address used for WBTC oracle

No slippage control when swapping asset

Lack of access for mintRebalancer and burnRebalancer in USSD

Poor validation of the price allows negative price or zero price to be used

No redeem function implemented

Poor validation of the chainlink oracle timestamp and round id

Claiming accumulated rewards while the contract is underfunded can lead to a loss of rewards

Calculating new rewards is susceptible to precision loss due to division before multiplication

FootiumEscrow token approval still stays even when Club NFT is sold / transferred

Does not handle the ERC20 transfer and approve return value

Certain ERC20 token does not return bool from approve and transfer and transaction revert

SafeMint in FootiumClub.sol is not EIP 721 complaint

Missing slippage control in CurveSpell swap

Deadline check is not effective, allowing outdated slippage and allow pending transaction to be unexpected executed

Missing checks for whether Arbitrum Sequencer is active

Complete loss of fund when using DepositStableCoinToDealer.sol

Subaccount does not handle ETH well

The cost of the price manipulation is low for newly created pool with different fee setting

User can use malicious token / asset to block withdraw by calling CollateralManager.sol#commitCollateral

Borrower can change term after the lender accept bids to rug the lender

Lack of access in CollateralManager.sol#withdraw function

Lack of support for fee-on-transfer

Protocol owner can charge high protocol fee with no upper limit

Can't pause or remove a minter

need alternative ways for fund transfer in `end()` to prevent DoS

function `restructureCapTable()` in Equity.sol not functioning as expected

PrivatePool owner can steal all ERC20 and NFT from user via arbitrary execution

Pool tokens can be stolen via `PrivatePool.flashLoan` function from previous owner

The `royaltyRecipient` could not be prepare to receive ether, making the `sell` to fail

Transaction revert if the baseToken does not support 0 value transfer when charging changeFee

`Factory.create`: Predictability of pool address creates multiple issues.

EthRouter can't perform multiple changes

Some positions will get liquidated immediately

DOS of market operations with malicious offers

RubiconMarket checks slippage incorrectly

An attacker can steal all tokens of users that use `FeeWrapper`

Use of `block.number` leads to incorrect interest calculations

Incorrect calculations can occur when calling `Position._marketBuy` and `Position._marketSell` functions that do not include maker fee in `_fee`

Division before multiplication truncate minOut and incurs heavy precision loss and result in insufficient slippage protection

No slippage protection on `stake()` in SafEth.sol

DoS due to external call failure

Missing derivative limit and deposit availability checks will revert the whole `stake()` function

Lack of deadline for uniswap AMM

A malicious early user/attacker can manipulate the Token's pricePerShare to take an unfair share of future users' deposits

Improper token scaling when handling the low precision ERC20 token

Invalid finding Please disard: Smart contract should not accrue fee shares when the feeRecipient address is address(0)

Seller can withdrawal in any cycle and can withdraw any amount with the help of flashloan after two cycles passes

Buyer can transfer the Goinfinch Pool Position NFT multiple times to different address to buy the premium protection multiple times, result in double counting of the protection amount

Unbounded loop can consume all gas and revert transaction in multiple places.

Front-runnable state update for lending pool

IchiLpOracle is vulnerable to manipulation

Lack of slippage control and deadline check when depositing into / withdraw from the IChiVaultSpell and IChiFarm integration

Refund NFT via DepositManager failed to clean up the nftDeposits array, result in failure when claiming the reward from ClaimManager.sol

User can fund the bounty contract with malicious ERC20 token or NFT token to block developer’s claim at very low cost

Developer cannot claim the bounty if the token revert in 0 amount transfer after the user get the bounty refund after funding the bounty contract

User should not be able to get the refund before the developer claim the bounty and after the bounty is closed

User can fund ERC721 as ERC20 to block developer’s bounty withdraw from Bounty contract

Unbounded gas consumption When calling BountyCore#getLockedFunds

A user can maliciously take the advantage of the refundDeposit to claim refund for other user

Malicious Users Can Drain The Assets Of Vault. (Due to not being ERC4626 Complaint)

vault.changeAdapter can be misused to drain fees

cool down time period is not properly respected for the `harvest` method

VaultController() Missing call DeploymentController.nominateNewDependencyOwner()

Users can fail to withdraw deposited assets from a vault that uses `YearnAdapter` contract as its adapter because `maxLoss` input for calling corresponding Yearn vault's `withdraw` function cannot be specified

Division before multiplication incurs unnecessary precision loss

Protocol fees can be withdrawn multiple times in `Erc20Quest`

Possible scenario for Signature Replay Attack

Buyer on secondary NFT market can lose fund if they buy a NFT that is already used to claim the reward

DOS risk if enough tokens are minted in Quest.claim can lead, at least, to transaction fee lost

`unauthorize()` can be front-run so that the malicious authorized user would get their authority back

Gas left check estimation is not accurate

The deposit / withdraw / trade transaction lack of expiration timestamp check and slippage control

Flashloan caller can double paying the flashloaned amount

CryptoKitty and CryptoFighter NFT can be paused, which block borrowing / repaying / liquidating action in the ERC721Pool when borrowers still forced to pay the compounding interest

User's staking reward can be lost in RewardsManager.sol

Strategist can fail to withdraw asset token from a private vault

Improper validations in Clearinghouse. possible to lock collateral NFT in contract.

Adversary can game the liquidation flow by transfering a dust amount of the payment token to ClearingHouse contract to settle the auction if no one buy the auctioned NFT

Lack of support for ERC20 token that is not 18 decimals

CollateralToken should allow to execute token owner's action to approved addresses

Liquidator reward is not taken into account when calculating potential debt

Lack of support for fee-on-transfer token

Certain function can be blocked if the ERC20 token revert in 0 amount transfer after PublicVault#transferWithdrawReserve is called

A user can use the same proof for a commitment more than 1 time

LienToken._payment function increases users debt

`FeeRefund.tokenGasPriceFactor` is not included in signed transaction data allowing the submitter to steal funds

Arbitrary transactions possible due to insufficient signature validation

Attacker can gain control of counterfactual wallet

Rage trade depository redeem can revert in senior vault beforeWithdraw hook when the utilization rate is high

15 seconds is too short for TWAP price query when calculating the PNL

Lack of input validation when rebalancing occurs, which leads to loss of fund in Perp protocol depository

Vulnerable Openzepplin version is used, which affects GovernorVotesQuorumFraction used in the Governance contract

Disabled NFT collateral should not be used to mint debt

MinipoolManager: node operator can avoid being slashed

Inflation of ggAVAX share price by first depositor

Hijacking of node operators minipool causes loss of staked funds

Inaccurate estimation of validation rewards from function ExpectedRewardAVA in MiniPoolManager.sol

Division by zero error can block RewardsPool#startRewardCycle if all multisig wallet are disabled.

Rialto may not be able to cancel minipools created by contracts that cannot receive AVAX

Bypass `whenNotPaused` modifier

Admin does not have to wait to call `lastResortTimelockOwnerClaimNFT()`

First depositor can break minting of shares

Price will not always be 18 decimals, as expected and outlined in the comments

Pair price may be manipulated by direct transfers

Centralization risks: owner can freeze withdraws and use timelock to steal all funds

Chainlink price feed is not sufficiently validated and can return stale price

`LPDA` price can underflow the price due to bad settings and potentially brick the contract

ETH will get stuck if all NFTs do not get sold.

Unsafe downcasting operation truncate user's input

Use of `payable.transfer()` Might Render ETH Impossible to Withdraw

`CrossChainExecutor` contracts do not update the necessary states for failing transactions.

The caller can set start and stop timestamp far away from the current timestamp to let recipient never receive the token or set start and stop timestamp to past timestamp to game the recipient

Fallback oracle is using spot price in Uniswap liquidity pool, which is very vulnerable to flashloan price manipulation

Centralization risk: admin can with rug the project by removing asset and price manipulation on oracle.

Rewards are not accounted for properly in NTokenApeStaking contracts, limiting user's collateral.

checkOrder can be used to modify the other user's nonce arbitrary to make a valid order invalid.

Vault_Synths.sol code does not consider protocol exchange fee when evaluating the Collateral worth

CHANGE_COLLATERAL_DELAY in collateral book is wrongly hardcoded to 200 seconds instead of 2 days

The 'redeem' related functions are likely to be blocked

Malicious Users Can Drain The Assets Of Auto Compound Vault

Underlying assets stealing in `AutoPxGmx` and `AutoPxGlp` via share price manipulation

SWAP_ROUTER in AutoPxGmx.sol is hardcoded and not compatible on Avalanche

Assets may be lost when calling unprotected `AutoPxGlp::compound` function

Deposit Feature Of The Vault Will Break If Update To A New Platform

Unsafe ERC20 operation when enforcing the return value of the transfer method in BufferBinaryPool

Reentrancy in LiquidStakingManager.sol#withdrawETHForKnow leads to loss of fund from smart wallet.

Dao admin in LiquidStakingManager.sol can rug the registered node operator by stealing their fund in the smart wallet via arbitrary execution.

Incorrect implementation of the ETHPoolLPFactory.sol#rotateLPTokens let user stakes ETH more than maxStakingAmountPerValidator in StakingFundsVault, and DOS the stake function in LiquidStakingManager

dETH / ETH / LPTokenETH can become depegged due to ETH 2.0 reward slashing.

Address.isContract() is not a reliable way of checking if the input is an EOA

StandardPolicyERC1155.sol returns amount == 1 instead of amount == order.amount

Hacked owner or malicious owner can immediately steal all assets on the platform

Yul `call` return value not checked

Issue when handling native ETH trade and WETH trade in DODO RouterProxy#externalSwap

Solmate's ERC20 does not check for token contract's existence, which opens up possibility for a honeypot attack

Attacker may DOS auctions using invalid bid parameters

Incompatibility with fee-on-transfer/inflationary/deflationary/rebasing tokens, on both base tokens and quote tokens, with varying impacts

Variable balance ERC20 support

A malicious early user/attacker can manipulate the share to take an unfair share of future users' deposits when maturity is not set.

Hacker can call approve function to approve malicious contract to spend token in RollerPeriphery.sol

Math rounding in AutoRoller.sol is not ERC4626-complicant: previewWithdraw should round up.

AutoRoller.sol#roll can revert if lastSettle is zero because solmate ERC4626 deposit revert if previewDeposit returns 0

Decimal conversion accounting issue in MarketCore#_processAllBatchedEpochActions

A malicious early user/attacker can manipulate the pricePerShare to take an unfair share of future users' deposits

RebalanceHedge can revert if there is underflow in DnGmxSeniorVault.sol#availableBorrow, blocking withdraw and deposit in JuniorVault

Pausing `WardenPledge` contract, which takes effect immediately, by its owner can unexpectedly block pledge creator from calling `closePledge` or `retrievePledgeRewards` function

Owner can transfer all ERC20 reward token out using function recoverERC20

Avoidable misconfiguration could lead to INVEscrow contract not minting xINV tokens

Chainlink oracle data feed is not sufficiently validated and can return stale `price`

Redeem function for Swivel, Yield, Element, Pendle, APWine, Tempus and Notional protocols and Sense missing unpaused modifier in Redeemer.sol

IMPORTANT: User can mint arbitrary amount of principle token by passing invalid parameter in the Lender.sol#mint because Safe.transferFrom(IERC20(principal), msg.sender, address(this), a) does not check IERC20 code size.

Lack of access control in LienToken.sol#_deleteLienPosition

AstariaRouter.sol#getProtocolFee division by zero, affecting new loan origination from VaultImplementation.sol#commitToLien

Lack of access control in PublicVault.sol#transferWithdrawReserve let user call transferWithdrawReserve() multiple times to modify withdrawReserve

An early user can manipulate the price per share and profit from late users' deposits In the vault.

VaultImplementation#_validateCommitment signature commit proof message can be reused / replayed because the lack of nonce check

Owner can set royaltiesBasisPoints more than 10000 (charge more than 100% of the royalty fee) in ERC1155NFTProduct.sol and ERC721NFTProduct.sol

Nonce is missing the signature schema in Factory.sol so signature can be reused.

Wrong slashing calculation rewards for operator that did not do his job

Bond tokens (HLG) can get permanently stuck in operator

Failed job can't be recovered. NFT may be lost.

Implementation code does not align with the business requirement: Users are not charged with withdrawn fee when user unbound token in HolographOperator.sol

Bad source of randomness

Outstanding reserved tokens are incorrectly counted in total redemption weight

The tier setting parameter are unsafely downcasted from type uint256 to type uint80 / uint48 / uint40 / uint16

AssetManager.sol#rebalance can revert if single moneyMarket.withdrawAll revert / AaveV3Adapter.sol#withdrawAll revert if withdrawAmount is 0, and revert rebalancing transaction.

UserManager.sol#debtWriteOff may be not publicly callable after the loan is overdue by overdue blocks + maxOverdueBlocks

More granular control of the pause is needed for each money market because deposit and withdrawal can be guaranteed to revert if the underlying money market is paused or has high utilization rate

Unbounded loop in registerMemeber.sol when register new member can consume all the gas and revert transaction.

AaveV3Adapter.sol withdraw function call return amount is not properly handled, which affecting unstaking and rebalance operation

Unsafe downcasting arithmetic operation in UserManager related contract and in UToken.sol

A large amount of reward will be stucked in the TimeLockPool.sol if _escrowPool is address(0) and not set up.

initialize function in L2GraphToken.sol, BridgeEscrow.sol, L2GraphTokenGateway.sol, L1GraphTokenGateway.sol can be invoked multiple times from the implementation contract.

StandardPolicyERC1155.sol returns amount == 1 instead of amount == order.amount

Hacked owner or malicious owner can immediately steal all assets on the platform

Yul `call` return value not checked

A malicious early user/attacker can manipulate the vault share to take an unfair share of future users' deposits

totalSupply() can be maliciously inflated and manipulated, User may lose their token and not get share minted in Vault.sol#deposit when convertToShares return 0

Admin cannot pause deposit when the deposit function is guaranteed to revert

Duplicated plugin contract address is allowed, leading to not-removeable plugin and affect token withdraw and deposit

_withdrawFromPlugin(pluginAddr, IPlugin(pluginAddr).balance()) can fail if plugin has no balance because AAVE does not allow withdraw 0 token balance, result in not-removeable plugin

_previewWithdraw function in AuctionInternal.sol has unbounded gas consumption loop and can block user from withdraw

Lack of price freshness check in PricerInternal.sol#_latestAnswer64x64() allows a stale price or zero price to be used

processAuction() in VaultAdmin.sol can be called multiple times by keeper if the auction is canceled.

A "FrontRunning attack" can be made to the `initialize` function

Centralization risk: admin have privileges: admin can set address to mint any amount of frxETH, can set any address as validator, and change important state in frxETHMinter and withdraw fund from frcETHMinter

frxETH can be depegged due to ETH staking balance slashing

removeValidator() and removeMinter() may fail due to exceeding gas limit

Can Recover Gobblers Burnt In Legendary Mint

Using outdated openzeppelin package version can result in improper Verification of Cryptographic Signature in ECDSA.recover

Incorrect handling of pricefeed.decimals()

Users who deposit in one vault can lose all deposits and receive nothing when counterparty vault has no deposits

Different Oracle issues can return outdated prices

A majority attack can steal precious NFT from the party by crafting and chaining two proposals

stakingContext.auraBooster.deposit boolean return value not handled in Boosted3TokenPoolUtils.sol

stakingContext.auraRewardPool.withdrawAndUnwrap boolean return value not handled in Boosted3TokenPoolUtils.sol and TwoTokenPoolUtils.sol

getGetAmplificationParameter() precision is not used, which result in accounting issue in MetaStable2TokenAuraHelper.sol and in Boosted3TokenAuraHelper.sol

`Token:mint`: infinite loop if the founders' shares sum up to 100

Tokens without properties can be minted and cannot be rendered

The chainlink oracle data to determine the collateral worth may be outdated because a invalid timestamp is used to check if the oracle data is up-to-date.

OlympusGovernance#executeProposal: reentrancy attack vulnerable function

Unsafe casting from int128 can cause wrong accounting of locked amounts

Possible to bypass saleConfig.limitPerAccount

Oracle periodSize is very low allowing the TWAP price to be easily manipulated

Underlying asset price oracle for CToken in BaseV1-periphery is inaccuarte

Stableswap - Deadline do not work

Able to mint any amount of PT

Division Before Multiplication Can Lead To Zero Rounding Of Return Amount