The calculation of `totalAssets()` could be wrong if `operatorFeeAmount` > 0, this can cause potential loss for the new depositors

Axelar cross chain token transfers balance tracking logic is completely broken for rebasing tokens and the transfers of these type of tokens can be exploited

`Flashlender.sol#flashLoan()` should use `mintProfit()` to mint fees. The current implemetation may lead to locked up WETH in PoolV3.

Malicious actor can abuse the minimum shares check in `StakingLPEth` and cause DoS or locked funds for the last user that withdraws

`PendleLPOracle::_fetchAndValidate` uses Chainlink's deprecated `answeredInRound`

Sandwich attack on loan fulfillment will temporarily prevent users from accessing their borrowed funds

Size uses wrong source to query available liquidity on Aave, resulting in borrow and lend operations being bricked upon mainnet deployment

incorrect price for negative ticks due to lack of rounding down

Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens

Incorrect withdraw queue balance in TVL calculation

Withdrawals logic allows MEV exploits of TVL changes and zero-slippage zero-fee swaps

Withdrawals can be locked forever if recipient is a contract

Not handling the failure of cross chain messaging

BalancerConnector has incorrect implementation of totalSupply, positionTVL and total TVL will be invalid

PrismaConnector are not able to claim surplus collateral in removery mode

`executeWithdraw` may be blocked if any of the users are blacklisted from the `baseToken`

Numerous errors when calculating the TVL for the MorphoBlue connector

Lack of function to claim reward in `AaveConnector`

Stale price can be used in `getValueFromChainlinkFeed` function

`maxDeposit`, `maxMint`, `maxWithdraw`, and `maxRedeem` functions do not return 0 when they should

Noya is not compatible with tokens whose balance changes outside of transfers causing funds to get stuck in the contract

If a curve pool which CurveConnector uses is killed the vault manager can't close the position leading to loss of funds

Balancer flashloan contract can be DOSed completely by sending 1 wei to it

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

Design flaw and mismanagement in vault licensing leads to double counting in collateral ratios and positions collateralized entirely with kerosine

Attacker can frontrun to prevent vaults from being removed from the dNFT owner's position

No incentive to liquidate small positions could result in protocol going underwater

Liquidation bonus logic is wrong

Adjusting "_I_" will create a sandwich opportunity because of price changes

Permanent loss of yield for stakers in reward pools due to precision loss.

retryMessage unable to handle edge cases.

`_getReferencePoolPriceX96()` will show incorrect price for negative tick deltas in current implementation cause it doesn't round up for them

V3Oracle susceptible to price manipulation

Repayments and liquidations can be forced to revert by an attacker that repays miniscule amount of shares

No `minLoanSize` means liquidators will have no incentive to liquidate small positions

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

Since you can reroll with a different fighterType than the NFT you own, you can reroll bypassing maxRerollsAllowed and reroll attributes based on a different fighterType

Player can mint more fighter NFTs during claim of rewards by leveraging reentrancy on the `claimRewards() function `

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

Can mint NFT with the desired attributes by reverting transaction

DoS in `MergingPool::claimRewards` function and potential DoS in `RankedBattle::claimNRN` function if called after a significant amount of rounds passed.

`_getUniswapTwapWei()` will show incorrect price for negative ticks cause it doesn't round up for negative ticks.

Chainlink price feed uses BTC, not WBTC. In case of depegging, oracles will become easier to manipulate.

Reusing a SALT that has already been used for voting can allow a malicious proposal to pass and compromise the protocol.

No council member can be created after burning a NFT token

Whitelised accounts can be forcefully DoSed from buying curveTokens during the presale

Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`

Unauthorized Access to setCurves Function

Protocol and referral fee would be permanently stuck in the Curves contract when selling a token

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

Withdrawing with amount = 0 will forcefully set name and symbol to default and disable some functions for token subject

Users staking via the `SurplusGuildMinter` can be immediately slashed when staking into a gauge that had previously incurred a loss

The creation of bad debt (`mark-down` of Credit) can force other loans in auction to also create bad debt

Wrong ProfitManager in GuildToken, will always revert for other types of gauges leading to bad debt

Anyone can prolong the time for the rewards to get distributed

Malicious borrower can decrease Guild holders reward

Incorrect check in RFPSimpleStrategy#_distribute lead to function unintended fail in some case

Protocol does not really work with fee-on-transfers tokens

The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP

The peg stability module can be compromised by forcing lowerDepeg to revert.

Return value of low level `call` not checked.

`VaultFactory` allows deployment of vaults with non-authentic `TwabController` and `PrizePool`