Replacing an old token can overwrite the price of an unintended active token

Soft Restricted Staker Role can withdraw stUSDe for USDe

A malicious user can avoid unfavorable score updates after alpha/multiplier changes, resulting in accrual of outsized rewards for the attacker at the expense of other users

The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP

The peg stability module can be compromised by forcing lowerDepeg to revert.

No slippage protection for bonders

Security Council can undermine any DAO votes to remove a member

Too many rewards are distributed when a draw is closed

`rngComplete` function should only be called by `rngAuctionRelayer`

RemoteOwner circular dependency at deployment time

The ContinuousGDA implementation is incorrect leading to liquidation auctions running at the wrong price

_computeAvailable() the calculations are wrong

Increasing reserves breaks PrizePool accounting

Resetting delegation will result in user funds being lost forever

`Vault.mintYieldFee` FUNCTION CAN BE CALLED BY ANYONE TO MINT `Vault Shares` TO ANY RECIPIENT ADDRESS

Vault contribution calculations wrongly include the current round when claiming prizes

`VaultFactory` allows deployment of vaults with non-authentic `TwabController` and `PrizePool`

Number of prize tiers always increases if just 1 canary prize is claimed

Tier odds in TieredLiquidityDistributor are incorrect

`Vault.mintWithPermit()` can be DOSed

Unintended or Malicious Use of Prize Winners' Hooks

Reentrancy in `USDO.flashLoan()`, enabling an attacker to borrow unlimited USDO exceeding the max borrow limit

A user with a TapiocaOFT allowance >0 could steal all the underlying ERC20 tokens of the owner

Tokens can be stolen from other users who have approved Magnetar

Attacker can prevent rewards from being issued to gauges for a given epoch in TapiocaOptionBroker

User can give himself approval for all assets held by `MagnetarV2` contract

BigBang liquidation share is not distributed 100%

all deposit and withdraw function in Convex and Curve nativeLP Strategy, apply slippage on internal pricing; which call real-time on chain price from Curve directly and subject to MEV

Option brokers don't handle oracle decimals correctly when calculating payment amounts

User can exercise oTAP options for 3 weeks from a 1 week lock

Rebalancing mTapiocaOFT of native token forces admin to pay for rebalance amount

Stargate swap parameters perform unnecessary airdrop when rebalancing mTapiocaOFT tokens

Swapper contract isn't validated for cross-chain leverage operations

Compounding mechanism is broken/flawed in ConvexTricryptoStrategy

mTapiocaOFT can't be rebalanced because the Balancer in tapiocaz-audit calls swapETH() or swap() of the RouterETH but does not forward ether for the message fee

[HB09] `emergencyWithdraw` on all strategy contracts useless without a pause mechanism

Blacklisted accounts can own dShares which violates OFAC sanctions

Escrowed funds are sent to the wrong address when cancelling orders

Escrow could be taken from a cancelled order leaving other users unable to cancel

Malicious user can block all withdrawals from vUSD to gas token

A user that withdraws through a smart contract could lose funds forever in VUSD

Setting stable price in oracle can result in arbitrate opportunities and significant bad debt if the stable depegs

No check for stale oracle prices can impact funding rate and fill prices

Malicious user can frontrun withdrawals from Insurance Fund to significantly decrease value of shares

Malicious user can control premium emissions to steal margin from other traders

Calling poolRepayAll breaks accounting for the token in question

User can perform sandwich attack on withdrawReserves for profit

Attacker can steal approved tokens from users through D3Proxy

Calls to liquidate don't write down totalBorrows which breaks exchange rate

User can steal assets after DODO liquidation is finished

Ordering of user deposits changes impact of user quotas

No slippage or deadline control for user initiated liquidations

Oracle going offline or token price falling to 0 will cause liquidations to fail

Anyone can change approval/disapproval threshold for any action using LlamaRelativeQuorum strategy.

User with disapproval role can gas grief the action executor

Juicebox project owner can create a honeypot to cause grief

`fillOrder()` and `exercise()` may lock Ether sent to the contract, forever

`fee` can change without the consent of users

Strategists can't be removed

Malicious pools can be deployed through `BathHouse`

A well financed attacker could prevent any other users from minting synthetic tokens

Missing check in the updateValset function

Admin drains all ERC based user funds using withdrawERC20()

Validators can cause transactions where they are not the one being paid the fees, to revert

The owner can mint all of the NFTs.

`AnyswapFacet` can be exploited to approve arbitrary tokens.