Deposits on long one leverage vault don't actually finalize the flow, leading to a Denial of Service (DoS)

Loss of fee refund due to premature state deletion in `PerpetualVault::_handleReturn` function

Wrong index causes last depositor to always get execution fee refund if cancelFlow is called by keeper to cancel a withdrawal

new deposits be incorrectly rejected due to false "maxCapReached" errors.

Fees not refunded to users on position closed and funds locked/lost

In `transferVesting`, the `grantorVesting.releaseRate` is calculated incorrectly, which leads to the sender being able to unlock more tokens than were initially locked.

Creator of one vesting plan can affect vesting plans created by other users.

Minting zero tokens when underlyingToken is not Ether in cashIn()

TaxTokenReceipt NFT will get stuck in the Auction contract.

sold `NFTs` will get stuck in `buyOrder` contract

Inflated fees results in loss of funds for the borrower while extending loan.

Borrower cannot extend his loan due to the incorrect comparison with feePerDay instead of minFee

`removeOriginalAllocation()` fails to update the rewards of the insiders.

Incorrect fees deducted from totalDeposits in the withdraw().

Wrong handling of call data check indices, forcing it sometimes to revert

UpdateExpirattionPeriod() cannot be execute when the newExpirationPeriod is less than currentExpirationPeriod.

accrueFee() calculates incorrect fees and totalAssets since the pool is not updated to the latest

Pool.sol:: Wrongly Implemented getSupplyBalance() , not returning the correct supplied asseets.

actualDebtToLiquidate is incorrectly calculated by assigning the share amount instead of the underlying assets , affecting the liquidator.

Pool.sol:liquidate()::Since cache.nextDebtShares is not updated prior wrong interest rate is calculated.

Pool.sol:liquidate()::LiquidityTaken is not considering the liquidationProtocolFeeAmount while calling updateInterestRate()

Protocol lets the asset to accumulate in the SuperPool contract without depsoting to available deposit pools.

Number of entities in generation can surpass the 10k number

Wrong minting logic based on total token count across generations

Forger Entities can forge more times than intended

Discrepancy between nfts minted, price of nft when a generation changes & position of `_incrementGeneration()` inside `_mintInternal()` & `_mintNewEntity()`

Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens

Invalid validation allows users to unlock early

Single plot can be occupied by multiple renters

Failure to Update Dirty Flag in transferToUnoccupiedPlot Prevents Reward Accumulation On Valid Plot

Invalid validation in _farmPlots function allowing a malicious user repeated farming without locked funds

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal

Players can gain more NFTs benefiting from that past remainder in subsequent locks

Users can farm on zero-tax land if the landlord locked tokens before the LandManager deployment

BribeReward.sol :: User/Owner of a lsNFt is not able to earn bribe rewards since wrong msg.sender is passed.

BribeRewarder:: Users cant claim the pendingRewards from the previously closed Periods.

Voting.sol :: User can vote even if the lockPeriod has ended for their staked Position.

BribeRewarder.sol: Owner wont be able to add funds on `fees on Transfer` Tokens.

MlumStaking.sol::position.lockMultiplier is wrongly calculated resulting the user to earn less rewards than deserved.

MlumStaking.sol :: Anyone can add to the stakedPosition resulting the lockTime of the actual owner to be extended to undefined time

Users won't liquidate positions because the logic used to calculate the liquidator's profit is incorrect

When `sellCreditMarket()` is called to sell credit for a specific cash amount, the protocol might receive a lower swapping fee than expected.

Borrower is not able to compensate his lenders if he is underwater

Users can not to buy/sell minimum credit allowed due to exactAmountIn condition

[M-02] Incorrect call argument in `THORChain_Router::_transferOutAndCallV5`, leading to grief/steal of `THORChain_Aggregator`'s funds or DoS

Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens

Invalid validation allows users to unlock early

Single plot can be occupied by multiple renters

Failure to Update Dirty Flag in transferToUnoccupiedPlot Prevents Reward Accumulation On Valid Plot

Invalid validation in _farmPlots function allowing a malicious user repeated farming without locked funds

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal

Players can gain more NFTs benefiting from that past remainder in subsequent locks

Users can farm on zero-tax land if the landlord locked tokens before the LandManager deployment

Users will not get their deserved rewards once the farming startBlock has changed.