Missing slippage protection in `AerodromeDexter.sol` `swapExactTokensForTokens()`

Filled and cancelled orders are not removed from the `orders` array which can be exploited by the order recipient to receive `tokenIn` via `modifyOrder()`

{actor} will {impact} {affected party`StopLimit._createOrder()` : user's previous order will be overwritten if another order is created in the same block

`OracleLess.createOrder()`: anyone can create an order and pull tokens from any recipient who have approved `OracleLess` contract on his tokens to be pulled

`OracleLess.createOrder()` : any malicious user can grief the contract by pushing empty orders to the `pendingOrderIds` array

`ReputationMarket.buyVotes()` adds the protocol and donation fees to the `marketFunds` which would result in draining the contract funds when a market is graduated

`ReputationMarket.buyVotes()` : protocol and donation fees are calculated based on the total sent tokens (`msg.value`) instead of calculating it based on the total price of the bought votes

Malicious actor can frontrun `VVVVCTokenDistributor.claim()` and claims rewards for himself

`WStethRatiosAggregatorV3.getAnswer()` always assumes `stETH:ETH` is 1:1 (pegged to ETH)

Transfer of ILOPool NFT token to different account allows for users to bypass the pool's `maxCapPerUser` invariant

`WooCrossChainRouterV4.crossSwap()` doesn't correctly check for slippage

`WooCrossChainRouterV4._handleERC20Received()`: `dstExternalFeeRate` is deducted from the bridged amount when the swap is done via a woofi pool

Adjusting "_I_" will create a sandwich opportunity because of price changes

Loss of assumed functionality of the Onboarding contract in a highly-sensitive area

MagicLpAggregator doesn't consider the dcimal of MagicLP

`IG` contract can be DoS'd from minting or burning options

`WiseOracleHub.getTokensPriceInUSD` function uses the returned ETH price without validation

Unchecked return value when withdrawing the underlying asset from aave might result in stuck `aTokens` in `AaveHub` contract

Proposals can't be voted on due to a wrong call in `GovernorBravoDelegate.castVoteInternal` function

`proposal.quorumVotes` doesn't reflect the actual quorum at the time of voting

Whitelised accounts can be forcefully DoSed from buying curveTokens during the presale

Attack to make ````CurveSubject```` to be a ````HoneyPot````

Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`

Unauthorized Access to setCurves Function

Protocol and referral fee would be permanently stuck in the Curves contract when selling a token

Selling will be bricked if all other tokens are withdrawn to ERC20 token

A subject creator within a single block can claim holder fees without holding due to unprotected reentrancy path

onBalanceChange causes previously unclaimed rewards to be cleared

Stuck rewards in `FeeSplitter` contract

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

If a user sets their curve token symbol as the default one plus the next token counter instance it will render the whole default naming functionality obsolete

`ArtPiece.totalVotesSupply` and `ArtPiece.quorumVotes` are incorrectly calculated due to inclusion of the inaccessible voting powers of the NFT that is being auctioned at the moment when an art piece is created

Once EntropyRateBps is set too high, can lead to denial-of-service (DoS) due to an invalid ETH amount

Anyone can pause AuctionHouse in _createAuction

Violation of ERC-721 Standard in VerbsToken:tokenURI Implementation

Bidder can use donations to get VerbsToken from auction that already ended.

Lack of slippage control on LRTDepositPool.depositAsset

Approved address can approve other addresses for an owner's safe

Due to extremely short `votingDelay` and `votingPeriod`, governance is practically impossible.

Decimal Limitation in CamelotRelayer and UniV3Relayer Contract Deployment

Mismatch between the SAFE generated debt and the amount of the system tokens minted for the user

Updating `SafeManager` address in the `Vault721` will disable NFV minting

A malicious user can avoid unfavorable score updates after alpha/multiplier changes, resulting in accrual of outsized rewards for the attacker at the expense of other users

if the Virtual Account's owner is a Contract Account (multisig wallet), attackers can gain control of the Virtual Accounts by gaining control of the same owner's address in a different chain

All tokens can be stolen from `VirtualAccount` due to missing access modifier

`DonationVotingMerkleDistributionVaultStrategy::claim` doesn't support fee-on-transfer tokens

`QVBaseStrategy` contract : recipient `reviewStatus` is not reset upon re-registration

`rollLoan` caller will lose his collateral tokens if he is not the loan borrower

The peg stability module can be compromised by forcing lowerDepeg to revert.

Incorrect precision assumed from RdpxPriceOracle creates multiple issues related to value inflation/deflation

`sync` function in `RdpxV2Core.sol` should be called in multiple scenarios to account for the balance changes that occurs

`SecurityCouncilMemberElectionGovernor` Owner Can Change `votingPeriod` During an Active Election

`VaultBooster`: users tokens will be stuck if they deposited with unsupported boost tokens

Proposals which intend to send native tokens to target addresses can't be executed

`fastTrackProposalExecution` should only be callable when `TemporalGovernor` is paused

deposit function does not check for the `maxMint` amount.

Operators can take escrow of any cancelled order

Incorrectly implemented modifiers in LybraConfigurator.sol allow any address to call functions that are supposed to be restricted

`VaultProxy` implementation can be initialized by anyone and self-destructed