Attacker can exploit precision loss in low decimal reward tokens in SymmStaking

Vesting.sol should use onlyInitializing modifier

Attacker will delay rewards distribution

Wrong check for min/max token allocation in updateParticipation() and wrong value set to userTokens

Malicious users can steal from the protocol and freeze other users' funds

Malicious users can drain the protocol by creating multiple orders in one block

Not resetting approval after a call lets malicious users steal from the protocol

currentValue() will revert because of a wrongly implemented stale price check

Borrowers' debt can be higher than expected because calculateCumulativeRate() has no access control and does not update lastEventTime

Malicious users can steal USDT from the treasury

Malicious users can DOS the protocol by setting downsideProtected to a large value

Abond's transferFrom() function updates wrong user state

Malicious users can pay less option fees

Malicious users can block admins from accessing setter functions

No slippage protection implemented for selling votes in ReputationMarket.sol

BuyOrder.sol can not return the receipt to buyer

Lenders could lose fees if a loan gets extended

Compromised accounts can use the profile freely

V3AMO.sol::boostPrice() will round up the price in some cases

Incentives' clawback() function is uncallable

Boosts can leave protocol with no fees

LVDepositNotPaused() modifier is incorrectly implemented

Any user can cancel a raffle before it starts

The protocol doesn't properly check a cross-chain message receiver and chain selector

A malicious admin can exploit the system

Incorrect `_splitProtocolFee` logic leaves collection referrer with no collectionReferrerShare

Incorrect `mintBatch()` logic lets users bypass paying most of the fees