Price Manipulation in `redeemUSDT` Function Enables Treasury Drain via Arbitrary User Input

Incorrect USDa Yield Redemption Due to Failure to Update `usdaGainedFromLiquidation` in Liquidation Process

Denial of Service (DoS) in CDS Contract Due to Unrestricted `updateDownsideProtected` Function

Flawed Time Check in `getOptionFeesToPay` Allows Borrowers to Extend Downside Protection After Maturity

Downside Protection Granted to Borrowers After Option Maturity Expiry in borrowing::withDraw

Downside Protection Failure in BorrowLib::withdraw Function

Exploitable Inconsistency Between `strikePrice` and `strikePercent` in Deposit Logic

Inflated Position Sizing Due to Miscalculation in `sizeDelta` Parameter in `BorrowingLiquidation::liquidationType2`

ETH Insufficiency in `BorrowLiquidation` Contract Leads to Transaction Failures During Type 2 Liquidation, Blocking Type 2 Liquidation

Denial-of-Service Risk in Liquidation Type 1 Due to Exchange Rate Underflow

Underflow Vulnerability in `liquidationType1` Due to Debt Exceeding Collateral Amount

Incorrect `lastEventTime` Update in `_withdraw` Leading to Miscalculation of Cumulative Rate and Undercharged Debt

Anyone can manipulate user nonce (nonce_manager) in settlement contract

Insufficient checks to confirm the correct status of the sequencerUptimeFeed

A malicious User can DOS all offchain orders making them unexecutable and leaving the protocol in an insolvent state. Also all offchain Trades can also be DOSed for honest parties that do not meet the fillorder requirements (no try and catch)

Liquidation of accounts collateral not posible because some chainlink price feed doesn't exist or are marked as medium risk by chainlink

payable Modifier in TradingAccountBranch::createTradingAccountAndMulticall

User may lose funds when creating Nexus account or executing user operations

Anyone can call the fallbackFunction because of missing authorization control

incorrect price for negative ticks due to lack of rounding down

Chainlink's `latestRoundData` might return stale or incorrect results

Withdrawals logic allows MEV exploits of TVL changes and zero-slippage zero-fee swaps

stETH/ETH Feed being used opens up to 2 way deposit<->withdrawal arbitrage

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

Design flaw and mismanagement in vault licensing leads to double counting in collateral ratios and positions collateralized entirely with kerosine

Users can get their Kerosene stuck until TVL becomes greater than Dyad's supply

Attacker Can Frontruns User's Withdrawals To Make Them Reverts Without Costs

Permit doesnt work with DAI

NFTs can be transferred even if StakeAtRisk remains, so the user's win cannot be recorded on the chain due to underflow, and can recover past losses that can't be recovered(steal protocol's token)

Anyone can update the address of the Router in the DcntEth contract to any address they would like to set.