`_computeClosingFactor` function will return incorrect values, lower than needed, because it uses `collateralizationRate` to calculate the denominator

Liquidation without bad debt doesn't update totalBorrow of market

The borrowing approval of the market is risky for users, as the spender can steal unlimited funds of user with a small allowance

Liquidation's caller in the market can avoid fees

`SGLLiquidation._extractLiquidationFees()` function transfers fee shares directly to Penrose, resulting in these fees being stuck

`totalBorrow.elastic` can exceed the totalBorrowCap, resulting in the risk of overflow in `_accrue()` function due to an incorrect limit cap of extraAmount.

Using wrong token for the approve action in the `buyCollateral` function

`buyCollateral` function pass a `false` value of skim param for adding collateral

Depositing incorrect tokens in the `BBLeverage.sellCollateral` function

The repaying action in `BBLeverage.sellCollateral` function pulls YieldBox shares of asset from wrong address

`leverageAmount` is incorrect in `SGLLeverage.sellCollateral` function due to calculation based on the new states of YieldBox after withdrawal

The mismatch between leverage executor contracts and the utilized interface in market

`getCollateral` and `getAsset` functions of the AssetTotsDaiLeverageExecutor contract decode data incorrectly

`_withdraw` function of `LMPVault` contract updates idleIncrease wrongly

Incorrect handling of ETH when interacting with the `LMPVaultRouterBase.deposit()`

Absence of `params.sellToken` transfer from `LiquidationRow` to `asyncSwapper` during liquidation process

Maverick oracle can be manipulated

Sender can lose more tokens when attempting to call function `AbstractRewarder.queueNewRewards()`

Incorrect handling of Stash Tokens within the `ConvexRewardsAdapter._claimRewards()`

The `_estimateWithdrawalLp` function might return a very large value, result in users losing significant incentives or being unable to withdraw from the Dispatcher contract

The `getAmountOut` function in Multipool contract might be permanently unactive or manipulated with low liquidity pools

The fees are incorrectly updated in the `_deposit` and `_withdraw` functions, which allows the attacker to break the protocol fees

Because of unrestricted permissions for who can commit collateral to a loan, attackers can potentially drain borrowers' funds

Fee-on-transfer tokens will be unable to used as collateral

When the loan can be liquidated, anyone can withdraw on behalf of the lender, even if it is not authorized by the lender.

The owner of the marketplace can execute a sandwich attack and steal the funds of the users

The malicious owner of TellerV2 contract can steal the funds of user

Wrong calculation of collateral ratio with the collateral tokens which are not in decimals 18

The function `burnFrom` of token TAU is incorrect, leading to the vault can mint only a part of its limit

Function `reconcileSignerCount` updates wrong threshold, leads to freezing safe’s actions

When all signers of the gate lose their hats, `reconcileSignerCount` will not update threshold, then `targetThreshold` can be updated to be lower than the current threshold during here, leads to freeze safe's actions.

Function `_removeSigner` updates incorrect signerCount and threshold

Signers can have a free signature to execute transaction of safe if address(0) if a valid wearer.

Inconsistent decimals of the param `amount` of function `_placePerpOrder` in contract `PerpDepository`