Incorrect Credit Capacity Validation in `VaultRouterBranch.redeem` Enables Locked Collateral Drainage

Vaults weth reward is not distributed correctly

Unclaimed Rewards Loss Due to Missing Validation in `VaultRouterBranch.stake()`

Markets and vaults will not update their state until market fee is received, any deposits before market fee will not be reflected

Incorrect calculation in CreditDelegationBranch::withdrawUsdTokenFromMarket allows attacker mint any amount of usdz

Fee Recipient Shares Cannot Be Decreased When Total Fee recipients’s share is at Max Limit

Due to not updating the Debt , the protocol will apply untended premium or discount

Refund Underflow in Swap Refund Logic Leading to Locked Funds

Slippage Higher than Expected in `CurveAdapter.executeSwapExactInput()` and `FeeDistributionBranch._performMultiDexSwap()` Multi-Hop Swaps

Vault credit capacity may not be correctly calculated

Attacker can front-run to claim tokens

MembershipERC1155 proxy cannot be upgraded

Reorg Vulnerability in DAO Membership Creation Allows Users to Join Incorrect DAOs

Missing Signature Expiry Enables Perpetual Transaction Validity.

Protocol does not strictly comply with EIP-712

No check if a listing is a liquidation when process tax refund in relisting

_isLiquidation status is not reset when a liquidation listing is relisted/reserved

Listing created time is not updated when relisting

Listing info is not deleted when a listing is reserved

Incorrect checkpoint index might be returned when snapshots the current checkpoint

Unlocked protected listing asset can be redeemed by any other user

Type uint88 may not be suitable for storing quorum vote requirement

ERC1155 collection royalty fees cannot be claimed on L2

ERC721 Airdrop item can be redeemed/swapped out by user who is not an authorised claimant

User won't be refunded after initializing a collection

Old beneficiary / AMM beneficiary won't be able to claim fees if the current beneficiary is a pool

Fee Exemption cannot be applied or removed

ethIn and tokenOut is not correctly computed in beforeSwap() when the swap is an exactIn

Pool fee cannot be actually set

royaltyBps may not be properly retrieved for ERC1155 collections

SuperPool reallocation may fail due to non-zero approval

Super Pool shares can be inflated by bad debt leading to overflows

None of the functions in SuperPool checks pause state

SuperPool is NOT strictly ERC4626 compliant

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

TokenManager - Unlimited withdraw

Taker of bid offer will loss assets without any benefit if he calls the DeliveryPlace::settleAskMaker() for partial settlement.

Native token withdrawal fails until manually approved

`DeliveryPlace::settleAskTaker` Has Incorrect Access Control

Malicious user can drain protocol by bypassing `ASK` offer abortion validation in `Turbo` mode

The `DeliveryPlace::settleAskTaker()` function mistakenly uses `makerInfo.tokenAddress` to update the `TokenBalanceType.PointToken` in the `userTokenBalanceMap` mapping, leading to a critical error.

Fund Withdrawal Flaw in preMarket Allows Users to Avoid Settlement Obligations

`mulDiv()` can round down to 0 in realistic cases, allowing for tax avoidance

[Low-01] Missing Access Control in `CapitalPool::approve()` Function Allows any User to call it to set Allowance Amount `TokenContract` to `type(uint256).max`.

`listOffer` Unsafely References Fungible Identifiers

Inadequate Checking of `isIncreasing` when trader adjusts position size

Market Disruption and Financial Loss Post-Liquidation

Incorrect liquidatable checking for market order creation

User might be unfairly liquidated after L2 Sequencer grace period

Potential `EIP712` violation in multiple cases

User may lose funds when creating Nexus account or executing user operations

Registry is never called when setting up modules using the `Bootstrap` contract

Protocol not fully compliant with `EIP-7579`

entryPoint() function cannot be overridden

User may not receive profit from withdrawal fee as expected and attacker can steal value from pool

Vultisig whitelisting can be bypassed by anyone

Most users won't be able to claim their share of Uniswap fees

Vultisig should be burnable

Transfer of ILOPool NFT token to different account allows for users to bypass the pool's `maxCapPerUser` invariant

Protocol won't be eligible for referral rewards for depositing ETH

Incorrect accounting of reward points can be caused by owner changing the startBlock

Staker may receive much less staking token than expected when they exit early