Anyone who is approving `BlueprintV5` contract to spend ERC20 can get drained because `Payment::payWithERC20`

Attacker can halt staking reward by frequently calling core function that later would call `SymmStaking::_updateRewardsStates`

User can experience DoS when calling `SymmVesting::addLiquidity` second time after some duration

Attacker can reset remaining reward duration to default duration by calling `SymmStaking::notifyRewardAmount` and providing dust amount as additional reward

Improper Transfer Restrictions on Non-Bridged Tokens Due to Boolean Bridged Token Tracking, Allowing a DoS Attack Vector

`Launch::updateParticipation` incorrectly update the total tokens requested for user by the `currencyAmount`

Cross-Chain Signature Replay Attack Due to User-Supplied `domainSeparator` and Missing Deadline Check

Incorrect fee calculation when protocol call `Pool::claimFees` resulting really small amount of fees

`Auction::endAuction` would always fail

USDC Blacklisted address can DoS new bid in `Auction.sol`

Failed auction period still update `sharesPerToken` like it is succeed

`Auction::endAuction` result can be manipulated

Stuck fund if `BalancerRouter::joinBalancerAndPredeposit` amount of `balancerPoolTokenReceived` is higher than the current unfulfilled deposit cap in `PreDeposit`

Users can claim more that their actual allotment

Missing sellable check in completePurchase will cause a user to buy a token marked as unsellable by S2ADMIN if it was listed beforehand

Listing potential can not be purchased with discounted price

Minting zero tokens when underlyingToken is not Ether in cashIn()

Since the cost of launching a new pool is minimal, an attacker can maliciously consume VirtualTokens.

Inaccurate `marketFunds` update in `ReputationMarket::buyVotes` will makes the market funds not reflected correctly

`EthosVouch::unvouch` allows the accused avoid slashing during the accusation period

Borrower can not `extendLoan` if the `maxDuration` is under 5 days due to underflow

Anyone can call `DLOFactory::deleteOrder` multiple times to delete others lend offer from contracts state

Lack of Validation for `tierConfigs[i].minted` Value in New Tiers During DAO Membership Update

Reentrancy Vulnerability Allows Bypass of Cooldown, Leading to Unfair Reward Extraction Through Flash Loan

Refunds sent to incorrect addresses in certain cases