Double spending attack in the Vesting contract

Fee Evasion via LP Token Transfer Resets Deposit Value

quantAMMSwapFeeTake used for both getQuantAMMSwapFeeTake and getQuantAMMUpliftFeeTake.

“Uplift Fee” Incorrectly Falls Back to Minimum Fee Due to Integer Division

Incorrect implementation of QuantammMathGuard.sol#_clampWeights.

Inconsistent timestamp storage when the LPNFT is transferred.

Revert of SignerValidator.validate() caused by bug in IncentiveBits.setOrThrow()

clawback() can't be executed because the owner is always BoostCore

Fee on transfer tokens break some of the contracts

The boost's owner can steal the protocol's profit using referralFee = 100%.

block.prevdao is not secure source of randomness and could be manipulated

Issue with rebasing tokens in ERC20Incentive

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

Native token withdrawal fails until manually approved

`DeliveryPlace::settleAskTaker` Has Incorrect Access Control

Formulaic Error Rounds Down Causing Total Loss Of Funds For Bid Takers During Abort

`Tokens` Are Automatically Whitelisted Upon Creation And Binding Even When `_whiteListEnabled == false`

Starknet tokens deposited with use_withdraw_auto can never be withdrawn

Insufficient input validation on `SablierV2NFTDescriptor::safeAssetSymbol` allows an attacker to obtain stored XSS

`SablierV2Lockup.sol` - The caller of withdraw and renounce can skip callbacks, by sending less gas

Cancelling a Merkle Lockup is only callable by `initialAdmin` even after `admin` had been modified

Maximum allowable slippage can be exceeded

Missing the `lookback` parameter when invoking the `getWstethUsdPrice()` in the `getTokenPrice` function

_cancelAllBids does not check if the current bidder is the highest bid bidder

Draining maker through funding fee

Loss of funds for trader because whitelisted maker can't be liquidated

Permanent Dos through trackVaultFee()

Manipulation of _state.liquidity.totalDeposit

DOS of StakedStargateAM

DOS for long periods of time due to revert in getPrice()

skewFractionMax can be significantly exceeded, putting LPs at risk

Protocol insolvency and the user's inability to redeem their tokens

Wrong methodology for stable BPT price calculation

getBunniTokenPrice wrongly returns the total price of all tokens

Using incorrect function to determine the token supply in a Balancer weighted pool

If reservedUntilTokenId > 100, the first founder will receive fewer tokens than expected

Lack of slippage control on LRTDepositPool.depositAsset

fulfillRandomWords() could revert under certain circumstances

``FULL_RESTRICTED`` Stakers can bypass restriction through approvals

`ODSafeManager#allowSAFE()` cannot be executed either by the proxy contract or any other address.

The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP