Reward tokens can't be added again once they are removed because there is no way to reset the user's previous debt/cache state.

Users wouldn't claim their unclaimed rewards once the reward token is removed.

`SingleSidedLiquidityVault.deposit()` and `SingleSidedLiquidityVault.withdraw()` will revert if `rewardToken.lastRewardTime > block.timestamp`.

User can lose up to whole stake on vault withdrawal when there are funds locked in the strategy

If the strategy incurs a loss the Active Pool will stop working until the shortfall is paid out entirely

In `ReaperVaultV2`, we should update `lockedProfit` and `lastReport` before changing `lockedProfitDegradation`.

`ReaperBaseStrategyv4.harvest()` might revert in an emergency.

Lost Rewards in MultiRewardStaking Upon Third-Party Withdraw

Staking rewards can be drained

Incorrect Reward Duration After Change in Reward Speed in MultiRewardStaking

Faulty Escrow config will lock up reward tokens in Staking contract

vault.changeAdapter can be misused to drain fees

`Vault.redeem` function does not use `syncFeeCheckpoint` modifier

cool down time period is not properly respected for the `harvest` method

Users can fail to withdraw deposited assets from a vault that uses `YearnAdapter` contract as its adapter because `maxLoss` input for calling corresponding Yearn vault's `withdraw` function cannot be specified

In `MultiRewardStaking.addRewardToken()`, `rewardsPerSecond` is not accurate enough to handle all type of reward tokens.

Total assets of yearn vault are not correct

Anyone can reset fees to 0 value when Vault is deployed

Precision loss in the invariant function can lead to loss of funds

Wrong init code hash

First liquidity provider will suffer from revert or fund loss

TimeswapV2LiquidityToken should not use totalSupply()+1 as tokenId

Rebalance logic is wrong and this distorts the pool's important states

Burning a `ERC1155Enumerable` token doesn't remove it from the enumeration

Lenders can default the loan by reverting the `repay()` function.

Borrowers can abuse lenders and steal debt tokens.

`Cooler.roll()` wouldn't work as expected when `newCollateral = 0`.

`Cooler.clear()` should set `rollable = false` when it adds the loans.

Admin should be able to refund or redeem the sanctioned users

methods used by EntryPoint has `onlyOwner` modifier

`PerpDepository._rebalanceNegativePnlWithSwap()` shouldn't use a `sqrtPriceLimitX96` twice.

`rebalanceLite` should provide a slippage protection

Last collateral check is not safe

user fund loss because function purchaseLiquidationAuctionNFT() take extra liquidation penalty when user's last collateral is liquidated, (set wrong value for maxDebtCached when isLastCollateral is true)

Admin does not have to wait to call `lastResortTimelockOwnerClaimNFT()`

Raffle creator can rug participants

Liquidity providers may lose funds when adding liquidity

First depositor can break minting of shares

Rounding error in buyQuote might result in free tokens

Pair price may be manipulated by direct transfers

Malicious user can steal all assets in BondNFT

Users can bypass the `maxWinPercent` limit using a partially closing

User can abuse tight stop losses and high leverage to make risk free trades

Not enough margin pulled or burned from user when adding to a position

Centralization risks: owner can freeze withdraws and use timelock to steal all funds

StopLoss/TakeProfit should be validated again for the new price in `Trading.executeLimitOrder()`

A whale user is able to cause freeze of funds of other users by bypassing withdraw limit

`PrePOMarket.setFinalLongPayout()` shouldn't be called twice.

Manager can get around min reserves check, draining all funds from Collateral.sol

`LPDA` price can underflow the price due to bad settings and potentially brick the contract

`saleReceiver` and `feeReceiver` can steal refunds after sale has ended

`OpenEdition.buy()` might revert due to uint overflow when it should work.

Editions should be checked if they are actually deployed from the legitimate Escher721Factory

ETH will get stuck if all NFTs do not get sold.

Sale contracts can be bricked if any other minter mints a token with an id that overlaps the sale

Escher721 contract does not have setTokenRoyalty function

Use of `payable.transfer()` Might Render ETH Impossible to Withdraw

rescueERC20() is not safe for tokens with multiple addresses

Anyone can fabricate the stream history

A malicious user can cancel other's orders using `CrabNetting.checkOrder()`.

Wrong constants for time delay

The protocol shouldn't charge interests when paused

Lyra vault underestimates the collateral value

The virtual price of collateral is less than it should be.

Deposit Feature Of The Vault Will Break If Update To A New Platform

Anyone can call AutoPxGmx.compound and perform sandwich attacks with control parameters

Keepers can modify option exercise result using different asset price

`tokenX.transfer` will not work as intended from some ERC20 tokens.

A malicious user can drain the protocol funds using `reclaimContract()`.

Attacker can trigger permanent lock of funds of normal traders

The NFT might be locked inside the protocol forever after the contract was settled.

Protocol can lose the fee and withdrawal function can become useless.

`Staking.unstake()` doesn't decrease the original voting power that was used in `Staking.stake()`.

`Staking._stakeToken()` calculates `stakedTimeBonus` wrongly.

The total community voting power can be huge because of incorrect conditions.

`Governance.queue()` should update the `CommunityScoreData.proposalsPassed` instead of `CommunityScoreData.proposalsCreated`.

Voters can increase their community voting power without any token voting power using `castVote()`.

`Staking._stakeToken()` and `Staking.evilBonus()` don't calculate a voting power for a monster like a document.

Circuit breaker could cancel the last transaction to prevent an unnecessary loss

Attacker can steal any funds in the contract by state confusion (no preconditions)

Bidders might fail to withdraw their unused funds after the auction was finalized because the contract doesn't have enough balance.

Seller's ability to decrypt bids before reveal could result in a much higher clearing price than anticpated and make buyers distrust the system

Denial of service when `baseAmount` is equal to zero

Incompatibility with fee-on-transfer/inflationary/deflationary/rebasing tokens, on both base tokens and quote tokens, with varying impacts

The sorting logic is not strict enough

Borrower can close a credit without repaying debt

Repaying a line of credit with a higher than necessary claimed revenue amount will force the borrower into liquidation

Reentrancy bug allows lender to steal other lenders funds

Mutual consent cannot be revoked and stays valid forever

Variable balance ERC20 support

Pausing `WardenPledge` contract, which takes effect immediately, by its owner can unexpectedly block pledge creator from calling `closePledge` or `retrievePledgeRewards` function

Owner can transfer all ERC20 reward token out using function recoverERC20

Liquidation should make a borrower _healthier_

Chainlink oracle data feed is not sufficiently validated and can return stale `price`

`ERC5095.withdraw()` and `ERC5095.redeem()` don't transfer the principal token to the contract when they work before maturity.

`ERC5095.mint()` uses the wrong slippage limit.

Can not change the fee of the Redeemer

Refinance validation is wrong

Potential debt calculation on new loan is wrong

`AuctionHouse.cancelAuction()` doesn't refund the last bidder.

timeToEpochEnd is wrong

Rate is used in wrong units

`AuctionHouse.createBid()` will revert when it should increase the duration.

Inconsistent usage of `firstBidTime` in `AuctionHouse.createAuction()` and `AuctionHouse.createBid()`

ChangeInSlope function is wrong.

Borrower might get loss while repaying.

Users might steal the remaining fees inside the `ExchangeProxy` contract after `cardTopupToken` is changed.

`AssetManager.removeAdapter()` doesn't update `withdrawSeq` after removing an adapter.

`AssetManager.rebalance()` will revert when the balance of `tokenAddress` in the money market is 0.

Transfering funds to yourself increases your balance

Very critical `Owner` privileges can cause complete destruction of the project in a possible privateKey exploit

StandardPolicyERC1155.sol returns amount == 1 instead of amount == order.amount

The `Vault` contract should check more validations to prevent the `first depositor` issue.

`Vault.convertToShares()` and `onTokenTransfer()` check the wrong condition for the first deposit.

`Vault._withdrawFromPlugin()` always reverts when `_amount == 0`.

The admin might add the same plugin using `Vault.addPlugin()` by fault.

In `Auction.sol`, users might fail to withdraw the funds from the processed auction because of the uint underflow.

`AuctionInternal._previewWithdraw()` might return the wrong result after some orders are removed during the withdrawal.

`Auction.getEpochsByBuyer()` might omit some valid epochs.

Chainlink's latestRoundData might return stale or incorrect results.

frxETHMinter: Non-conforming ERC20 tokens not recoverable

Permanent freeze of vested tokens due to overflow in _baseVestedAmount

Reentrancy may allow an admin to steal funds

Can Recover Gobblers Burnt In Legendary Mint

The reveal process could brick if `randProvider` stops working

Funds might be locked inside the `Vault` for the fee-on-transfer tokens.

`TradingUtils._executeTrade()` doesn't check `preTradeBalance` properly.

Founders can receive less tokens that expected

`Token:mint`: infinite loop if the founders' shares sum up to 100

Index out of bounds error when properties length is more than attributes length breaks minting

`Account` contract might be locked when `underlying` = address(0).

In `Governance.sol`, it might be impossible to activate a new proposal forever after failed to execute the previous active proposal.

Inconsistant parameter requirements between `constructor()` and `Set() functions` in `RANGE.sol` and `Operator.sol`.

Builder can halve the interest paid to a community owner due to arithmetic rounding

Project funds can be drained by reusing signatures, in some cases

Project.changeOrder() would work unexpectedly for non SCConfirmed tasks.

Project.addTasks() wouldn't work properly when it's called from disputes contract.

Builders must pay more interest when the system is paused.

In Project.setComplete(), the signature can be reused when the first call is reverted for some reason.

It should not submit a project with no total budget. Requires at least one task with cost > 0

New subcontractor can be set for a SCConfirmed task without current subcontractor consent

Missing upper limit definition in replaceLenderFee() of HomeFi.sol

Hash approval not possible when contractor == subcontractor

With most functions in VaultTracker.sol, users can call them only once after maturity has been reached.

Swivel.setFee() is implemented wrongly.

Error in allowance logic

Failed proposal can be committed again

Users can lose fractions to precision loss during migraction if _newFractionSupply is set very low

Proposal which started buyout which fails is able to settle migration as if its buyout succeeded.

Any fractions deposited into any proposal can be stolen at any time until it is commited

Migration::withdrawContribution falsely assumes that user should get exactly his original contribution back

Cash-out from a successful buyout allows an attacker to drain Ether from the `Buyout` contract

```migrateFractions``` may be called more than once by the same user which may lead to loss of tokens for other users

Migration.join() and Migration.leave() can still work after unsucessful migration.

ORACLE DATA FEED CAN BE OUTDATED YET USED ANYWAYS WHICH WILL IMPACT ON PAYMENT LOGIC

Use a safe transfer helper library for ERC20 transfers

Zero strike call options can be systemically used to steal premium from the taker

`acceptCounterOffer()` May Result In Both Orders Being Filled

`fillOrder()` and `exercise()` may lock Ether sent to the contract, forever

Options with a small strike price will round down to 0 and can prevent assets to be withdrawn

Malicious Token Contracts May Lead To Locking Orders

Twav._getTwav() will return a wrong result when twavObservations[TWAV_BLOCK_NUMBERS - 1].timestamp = 0.

`Twav.sol#_getTwav()` will revert when timestamp > 4294967296

No way to set CURVE_POOL approval after setting new curve pool address

Cannot mint to exactly max supply using `_mint` function

`_storeRebase()` is called with the wrong parameters

Funds may be stuck when `redeeming` for Illuminate

Illuminate PT redeeming allows for burning from other accounts

[H-05] Not minting iPTs for lenders in several lend functions

Swivel lend method doesn't pull protocol fee from user

Lend method signature for illuminate does not track the accumulated fee

WETH.sol computes the wrong totalSupply()

WETH.allowance() returns wrong result.

Missing whenNotPaused modifier

Strategy in StakerVault.sol can steal more rewards even though it's designed strategies shouldn't get rewards.

Users can claim more fees than expected if governance migrates current rewardToken again by fault.

StakerVault.unstake(), StakerVault.unstakeFor() would revert with a uint underflow error of StakerVault.strategiesTotalStaked, StakerVault._poolTotalStaked.

VotingEscrow's merge and withdraw aren't available for approved users

Alter velo receptions computation

RubiconRouter _swap does not pass whole amount to RubiconMarket

RubiconRouter.swapEntireBalance() doesn't handle the slippage check properly

Strategists can take more rewards than they should using the function strategistBootyClaim().

maxSellAllAmount and maxBuyAllAmount functions can be unintentionally paused (always revert).