Risk of Overpayment Due to Race Condition Between repay and liquidateWithReplacement Transactions

Users won't liquidate positions because the logic used to calculate the liquidator's profit is incorrect

Fragmentation fee is not taken if user compensates with newly created position

Size uses wrong source to query available liquidity on Aave, resulting in borrow and lend operations being bricked upon mainnet deployment

Users can not to buy/sell minimum credit allowed due to exactAmountIn condition

Multicall does not work as intended

withdraw() users may can't withdraw underlyingBorrowToken properly

Unfair Manipulation of Winning Chances Due to Stolen Yield on `Blast`

`PUSH0` opcode Is Not Supported on Linea yet

Potential ETH Loss Due to transfer Usage in Requestor Contract on `zkSync`

Claimers Cannot Claim Prizes When Last Tier Liquidity is 0, Preventing Winners from Receiving Their Prizes

`TotalAssets` miscalculation Leads to Distorted Share Values and Unfair MEV Opportunities

Looping over unbounded `pendingStakes` array can lead to permanent DoS and frozen funds

Wrong Implementation of `LiquidationPool::empty` excludes holder with pending stakes when decreasing a position, resulting in exclusion from asset distribution

Removing assets in the `TokenManager` leads to major issues

A user can steal an already transfered and bridged reSDL lock because of approval

Not Update Rewards in `handleIncomingUpdate` Function of `SDLPoolPrimary` Leads to Incorrect Reward Calculations

A user can lose funds in `sdlPoolSecondary` if tries to add more sdl tokens to a lock that has been queued to be completely withdrawn

try-catch does not store the state when it is reverted

`GMXVault` can be blocked by a malicious actor

User can revert processWithdraw

Incorrect slippage protection on deposits

Setter functions for core GMX contracts

`emergencyClose()` may fail to repay any debt

Strategy Vault stuck at `withdraw_failed` status if the deposit to `GMX` get Cancelled

incorrect handling of compound cancelation lead vault to stuck at `compound_failed` status

incorrect handling for deposit failure leads to stuck at `deposit_failed` status .

depositors face immediate loss in case `equity = 0`

Front-Run Attacks Due Slippage Mishandling Lead to Total Losses For Depositors

Users Lose Funds and Market Functionality Breaks When Market Reachs 65k Id

New orders can overwrite active orders when order id reaches 65000

Possible DOS on deposit(), withdraw() and unstake() for BridgeReth, leading to user loss of funds

Gas Limit Exploitation and Order Book Blockage Due to High-Priced Bids

If the dao removes a bridge, user's deposited tokens for that bridge will be lost.

Instant arbitrage opportunity through rETH and stETH price discrepancy

Event in secondaryLiquidation could be misused to show false liquidations

[H-04] Lender#buyLoan - Malicious user could take over a loan for free without having a pool because of wrong access control

Using forged/fake lending pools to steal any loan opening for auction

Stealing any loan opening for auction through others' lending pool