JalaRouter02.sol

JalaPair.sol#_update()

LMPStrategy.sol#getRebalanceVaueStats() - Assumes that LMPVault token decimals are 18, which leads to incorrect accounting

RioLRTWithdrawalQueue.sol#settleEpochFromEigenLayer()

Asset.sol#transferETH()

AbstractStakingAM.sol#_getRewardBalances()

When `DecentBridgeExecutor.execute` fails, funds will be sent to a random address

Users will lose their cross-chain transaction if the destination router do not have enough WETH reserves.

Anyone can update the address of the Router in the DcntEth contract to any address they would like to set.

DecentEthRouter.sol#_bridgeWithPayload() - Any refunded ETH (native token) will be refunded to the DecentBridgeAdapter, making them stuck

The quorumVotes can be bypassed

CultureIndex.sol#dropTopVotedPiece() - Malicious user can manipulate topVotedPiece to DoS the whole CultureIndex and AuctionHouse

Bidder can use donations to get VerbsToken from auction that already ended.

It may be possible to DoS AuctionHouse by specifying malicious creators

Re-triggering the `canOffboard[term]` flag to bypass the DAO vote of the lending term offboarding mechanism

The price of rsEHT could be manipulated by the first staker

Possible arbitrage from Chainlink price discrepancy

Update in strategy will cause wrong issuance of shares

Borrower has no way to update `maxTotalSupply` of `market` or close market.

Borrower can drain all funds of a sanctioned lender

Function WildcatMarketController.setAnnualInterestBips allows for values outside the factory range

`collectFees()` updates delinquency wrongly as `_writeState()` is called before assets are transferred

Prime.sol - User can claim Prime token without having any staked XVS, because his `stakedAt` isn't reset whenever he is issued an irrevocable token.

```trancheTokenAmount``` should be rounded UP when proceeding to a withdrawal or previewing a withdrawal.

Clearinghouse.sol#claimDefaulted()

Cooler.sol#provideNewTermsForRoll()