Asymmetric liquidity provision to geometric pool can allow attacker to purchase at flat oracle price, irrespective of trade size.

Large swap can be split into multiple smaller swaps to purchase large orders from the geometric pool at flat oracle price

Incorrect rounding direction in geometric pool `ask_exact_amount_out` allows theft of funds

Taker fees can be bypassed via asymmetric liquidity provision to a pool

Multiplication of XYK reserves can overflow

XYK `reflect_curve` is incorrect and decreases K over time leading to loss of funds for LP providers.

LP fees are applied incorrectly in `reflect_curve` leading to underperforming AMM algorithm

Zero initial liquidity can be provided which bricks pairs

Liquidity provision is vulnerable to slippage attacks

Force cancellation can be forced to fail by smart contracts that do not implement a receive() function

Unbounded spam limit asks can be created to DOS force cancellation

Address aliasing will not be applied if a contract calls `approveAndCall` directly on the portal allowing for impersonation attacks on L2

Missing functionality to clawback the incentives

FoT tokens will not work with budget

Rebasing tokens will be stuck in the ERC20 Incentive on negative rebase

Weak randomness in drawing raffle

Anchor state registry can be corrupted which will prevent game creation of the same type.

High risk quorum bypass by appending extra bytes into the calldata.