Redeem fee is not actually charged to the redeeming user

Non-whitelisted owner can also hold/own a troveNFT

Improper Transfer Restrictions on Non-Bridged Tokens Due to Boolean Bridged Token Tracking, Allowing a DoS Attack Vector

The calculation of `totalAssets()` could be wrong if `operatorFeeAmount` > 0, this can cause potential loss for the new depositors

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

User can earn rewards by frontrunning the new rewards accumulation in Ron staking without actually delegating his tokens

In `transferVesting`, the `grantorVesting.releaseRate` is calculated incorrectly, which leads to the sender being able to unlock more tokens than were initially locked.

maxSellPercent can be buypassed by selling previously bought vestings at a later time

Rounding error in stepDuration calculations.

Large number of steps in a vesting may lead to loss of beneficiary funds or uneven vesting distribution

Gas griefing/attack via creating the proposals

AccessControlHooks onQueueWithdrawal() does not check if market is hooked which could lead to unexpected errors such as temporary DoS

Role providers can bypass intended restrictions and lower expiry set by other providers

Malicious actors can manipulate the `cross_chain_callback` callback

There is no refund mechanism in `ChakraSettlement.processCrossChainCallback` or `ChakraSettlementHandler.receive_cross_chain_callback` function

Anyone can manipulate user nonce (nonce_manager) in settlement contract

SettlementSignatureVerifier is missing check for duplicate validator signatures

SettlementSignatureVerifier's required_validators is not updated, resulting in a low or high number of signatures being required

`mintToken()`, `mintWithBudget()`, and `forge()` in the `TraitForgeNft` Contract Will Fail Due to a Wrong Modifier Used in `EntropyGenerator.initializeAlphaIndices()`

Wrong minting logic based on total token count across generations

Lack of Slippage Protection in Dynamic Pricing Mint Function

Sandwich attack on loan fulfillment will temporarily prevent users from accessing their borrowed funds

Incorrect withdraw queue balance in TVL calculation

Deposits will always revert if the amount being deposited is less than the bufferToFill value

mintBatch() for a set of receivers collects fee only once

Any fee claim lesser than the total `yieldFeeBalance` as unit of shares is lost and locked in the `PrizeVault` contract

Holders array can be manipulated by transferring or burning with amount 0, stealing rewards or bricking certain functions

Can mint NFT with the desired attributes by reverting transaction

DecentEthRouter.sol#_bridgeWithPayload() - Any refunded ETH (native token) will be refunded to the DecentBridgeAdapter, making them stuck

Potential loss of capital due to fixed fee calculations

Whitelised accounts can be forcefully DoSed from buying curveTokens during the presale

Withdrawing with amount = 0 will forcefully set name and symbol to default and disable some functions for token subject

Replay attack to suddenly offboard the re-onboarded lending term