Permission escalation by adding the same permission twice

`totalSupply` may exceed `LibBasketStorage.basketStorage().maxCap`

block.timestamp or deadline

Unlinked address can link immediately again

Malicious tickets can lead to the loss of all tokens

Continue claiming reqrds after numberOfEpochs are over

cancelPromotion is too rigorous

Rewards can be claimed multiple times

Scoop ERC20 tokens from basket contract

ts.tokens sometimes calculated incorrectly

Tokens can be stolen when `depositToken == rewardToken`

Wrong calculation of excess depositToken allows stream creator to retrieve `depositTokenFlashloanFeeAmount`, which may cause fund loss to users

Storage variable unstreamed can be artificially inflated

No max for advanceIncentive

_notSameBlock() can be circumvented in bondToAccount()

pow() is missing check on input parameters with 0 value

Can't enableCollateral after a disableCollateral

_totalSupply not updated in _transferMint() and _transferBurn()

Claim airdrop repeatedly

Can't claim last part of airdrop

Investor can't claim the last tokens (via claim() )

Overwrite benRevocable

`initialBalance` for native token is wrong

WrappedIbbtcEth contract will use stalled price for mint/burn if updatePricePerShare wasn't run properly

registerAsset() can overwrite _assetClass value

debts calculation is not accurate

griefing attack to block withdraws

reward tokens could get lost due to rounding down

`QuickAccManager.sol#cancel()` Wrong `hashTx` makes it impossible to cancel a scheduled transaction

Prevent execution with invalid signatures

MAX_TRUST_LIMIT might be too high

Steal tokens from TempusController

Swivel: Taker is charged fees twice in exitVaultFillingVaultInitiate

transferNotionalFrom doesn't check from != to

Previously created markets can be overwritten

Scoop ERC20 tokens from basket contract

Last person to withdraw his tokens might not be able to do this, in Crowdsale (edge case)

Self transfer can lead to unlimited mint

Can access cards of other markets

Unchecked ERC20 transfers can cause lock up

findNewOwner edgecase

Critical uberOwner address changes should be a two-step process

Missing balancedBooks modifier could result in failed system insolvency detection

payout doesn't fix isForeclosed state

minRentalDayDivisor can be different between markets and treasury

Uninitialized Variable `marketWhitelist` in `RCTreasury.sol`

Parameter updates not propagated

copy paste error in _batchConfirmOutstandingPendingActions

2 variables not indexed by marketIndex

Prevent markets getting stuck when prices don't move

latestMarket used where marketIndex should have been used

onlyOwnerOrAssetManager can swap Yield Source in SwappableYieldSource at any time, immediately rugging all funds from old yield source

setYieldSource leads to temporary wrong results

Single under-funded protocol can break paying off debt

reputation risks with updateSolution

Yield distribution after large payout seems unfair

Result of transfer / transferFrom not checked

In the beginning its relatively easy to gain majority share

grantFunds will revert after a DAO upgrade.

Missleading onlyDAO modifiers

Dao.sol: Insufficient validation for proposal creation

Block usage of addCuratedPool

activeTransactionBlocks are vulnerable to DDoS attacks

Router liquidity on receiving chain can be double-dipped by the user

sortVaultsByDelta doesn't work as expected

implicit underflows

Incorrect use of operator leads to arbitrary minting of GVT tokens

Malicious owner can drain the market at any time using SafetyWithdraw

prb-math not audited

Claim liquidation escrow

avoid paying insurance

Return values of ERC20 `transfer` and `transferFrom` are unchecked

Can access cards of other markets

Unchecked ERC20 transfers can cause lock up

findNewOwner edgecase

Critical uberOwner address changes should be a two-step process

Missing balancedBooks modifier could result in failed system insolvency detection

payout doesn't fix isForeclosed state

minRentalDayDivisor can be different between markets and treasury

Uninitialized Variable `marketWhitelist` in `RCTreasury.sol`

Parameter updates not propagated

Duplication of Balance

YieldMath.sol / Log2: >= or > ?

auth collision possible

auth only works well with external functions

Witch can't give back vault after 2x grab

Incorrect use of _addTribute instead of _addGovernanceTribute

gracePeriod not increased after membership extension

Unbounded loop in `_removeNft` could lead to a griefing/DOS attack

transferERC721 doesn't clean timelockERC721s

Missing allValidNFTs and afterRedeemHook with swapTo?

`getRandomTokenIdFromFund` yields wrong probabilities for ERC1155

Randomization of NFTs returned in redeem/swap operations can be brute-forced

Incorrect operator used in deploySynth() of Pools.sol

Init function can be called by everyone

`initialBalance` for native token is wrong