Nested initializer prevents `SymmVesting` from being deployed

Adversary can win proposals with voting power as low as 4%

[M-3] Anyone can deploy a new `FraxSwapPair` with a Low fee incurring losses to the protocol

NFTs sold in `buyOrder` can't be retrieved due to missing functionality

Flow stream cannot be created for tokens that do not implement the `decimals` function

Loss of dust tokens in distribution calculation

The use of `tx.origin` may cause a trader to lose funds

Epoch mismatch in FjordPoints and FjordStaking leads to user being able to stake and unstake instantly for rewards

Inadequate Checking of `isIncreasing` when trader adjusts position size

Incorrect logic for checking isFillPriceValid

A malicious User can DOS all offchain orders making them unexecutable and leaving the protocol in an insolvent state. Also all offchain Trades can also be DOSed for honest parties that do not meet the fillorder requirements (no try and catch)

Offchain orders are not cancelled after the account has been liquidated

payable Modifier in TradingAccountBranch::createTradingAccountAndMulticall

Fees are not sent to their respective recipients when dealing with low decimals tokens

Staking ETH incorrectly assumes revert bubbling

ThorChain will be informed wrongly about the unsuccessful ETH transfers due to the incorrect events emissions

[M-02] Incorrect call argument in `THORChain_Router::_transferOutAndCallV5`, leading to grief/steal of `THORChain_Aggregator`'s funds or DoS

Insufficient input validation on `SablierV2NFTDescriptor::safeAssetSymbol` allows an attacker to obtain stored XSS

Malicious user can honeypot other users to buy their stream on an NFT marketplace and cancel it right before the purchase happens

Availability of deposit invariant can be bypassed

Incorrect withdraw queue balance in TVL calculation

Any fee claim lesser than the total `yieldFeeBalance` as unit of shares is lost and locked in the `PrizeVault` contract

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

FighterFarm:: reroll won't work for nft id greator than 255 due to input limited to uint8

Minter / Staker / Spender roles can never be revoked`..,

Can mint NFT with the desired attributes by reverting transaction

Constraints of dailyAllowanceReplenishTime and allowanceRemaining during mint() can be bypassed by using alias accounts & safeTransferFrom()

DoS in `MergingPool::claimRewards` function and potential DoS in `RankedBattle::claimNRN` function if called after a significant amount of rounds passed.

Anyone can update the address of the Router in the DcntEth contract to any address they would like to set.

Rewards can be drained because of lack of access control

Anyone can call the burn function in SmartVaultV3.sol

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

Adversary can block `claimAuction()` due to push-strategy to transfer assets to multiple bidders

`ODSafeManager#allowSAFE()` cannot be executed either by the proxy contract or any other address.