Anyone can call `lz_receive()` in SolanaVault to steal the withdrawn funds from the intended recipient

User can deposit any token in `SolanaVault` and get USDC in `SolConnector`

Executor will attempt unordered execution of messages because ordered execution option is not set

Transfers from the rebate manager's token vault always fail due to lack of bump seed

Quote pools are expected to have same base token and quote token but this is not enforced in swaps

Attacker can control rebate managers for supported tokens since there is only 1 rebate manager per quote token

Rebate authority is unable to claim fee due to incorrect constraint not allowing rebate manager admin authority

Attacker can relist a floor item and cancel the listing to underflow `listingCount` and block collection shutdown execution

Voters can not recover their collection tokens after shutdown is canceled

Non-existent checkpoint index is used when creating Protected Listings

Borrowers can bypass interest payments and pay off principal until 0.06 ether remains

Fee exemptions do not work since incorrect value is packed in `feeOverrides` storage

Admin can not set the pool fee since it is only set in memory

Swaps will revert or unnecessarily cancel due to a mismatched comparison of fTokens with ETH specified amount

AMM beneficiary can not collect fees when beneficiary is a pool

FTokens are burned after `quorumVotes` are recorded making a portion of the shares unclaimable

Bridge requests to remote chains where interchain tokens are not deployed can result in DoS attacks

Axelar cross chain token transfers balance tracking logic is completely broken for rebasing tokens and the transfers of these type of tokens can be exploited

Attacker will prevent distribution of USDC to stakers through frequent reward updates

Minting and batch minting auth can be bypassed by anyone

Limited users are allowed access when not strict but instead fail due to underflow

Expired blacklisting leads to greater access

Permission checks will unnecessarily consume Limited uses

Valid VFS paths with usernames can always fail validation

Calculating tax amount does not include taxes in `WasmMsg::Execute` messages

Incorrect withdraw queue balance in TVL calculation

Withdrawals logic allows MEV exploits of TVL changes and zero-slippage zero-fee swaps

DOS of `completeQueuedWithdrawal` when ERC20 buffer is filled

Increase in exchange rate between queueing and rebalancing can break withdrawals

Undelegating Operator can break withdrawals and lead to insolvency

Eigenlayer withdrawals brick future withdrawals due to no update of current epoch

Deactivating an operator with a validator cap will always revert

Inflated operator utilization when out-of-order exits are reported can block ETH allocations

`wfCashERC4626`

`wfCashERC4626`

`ExternalLending`

The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP

Incorrect precision assumed from RdpxPriceOracle creates multiple issues related to value inflation/deflation

Users can get immediate profit when deposit and redeem in `PerpetualAtlanticVaultLP`

reLP() mintokenAAmount the calculations are wrong.

Can not withdraw RDPX if WETH withdrawn is zero

A temporary issue shows in the staking functionality which leads to the users receiving less minted tokens.

Rewards will be locked in LQTYStaking Contract

DOS by directly transferring assets to Reaper Vault

First vault depositor can steal other's assets

Attacker can steal 99% of total balance from any reward token in any Staking contract

Attacker can deploys vaults with a malicious Staking contract

Staking rewards can be drained

Modifier VaultController._verifyCreatorOrOwner does not work as intented

DOS any Staking contract with Arithmetic Overflow

`MultiRewardStaking.changeRewardSpeed()` breaks the distribution

Faulty Escrow config will lock up reward tokens in Staking contract