Malicious User Will Steal Rewards by Front-Running a Claim Transaction

MasterAMO should not use the `initializer` modifier

Remove splitter will always revert if there are some rewards left on splitter contract

Double-Counting of Redemption Asset (RA) in `_redeemCtDsAndSellExcessCt` Function

Incorrect Deposit Pausing Logic in `LVDepositNotPaused::ModuleState` Modifier

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

Native token withdrawal fails until manually approved

`listOffer` Unsafely References Fungible Identifiers

Validation of `collateralRate` in `PerMarkets::createOffer` function

The quantity is calculated incorrectly when depositing Fee on Transfer Tokens.

Due to the use of `msg.value` in for loop, anyone can drain all the funds from the `THORChain_Router` contract

Claim Function Fails in `PerAddressTrancheVestingMerkleDistributor` Due to Empty Data

Protocol supports `eETH` but doesn't consider its also a rebase token like `stETH`

Incorrect withdraw queue balance in TVL calculation

Deposits will always revert if the amount being deposited is less than the bufferToFill value

Lack of slippage and deadline during withdraw and deposit

Asymmetric calculation of price difference

Sandwich Attack in Reward Validators

`emergencyClose()` may fail to repay any debt

Lack of events for critical actions

Chainlink aggregators return the incorrect price if it drops below `minAnswer`

Loss of precision in `twapPriceInEther` due to division before multiplication

Signature missing nonce & expiration deadline

Potential DOS due to Gas Exhaustion Due to Large Array Iteration in `_distribute` Function

Multiple accesses of a mapping/array should use a local variable cache.

The `for loops` inside the borrow(), repay(), giveLoan() & startAuction() functions in Lender contract are probably gas-guzzlers

Uncheck Arithmetic where overflow/underflow impossible

Using Private Rather Than Public For Constants,Saves Gas

Use if + custom errors instead of using require + string

Using delete statement can save gas

ADD UNCHECKED{} FOR SUBTRACTIONS WHERE THE OPERANDS CANNOT UNDERFLOW BECAUSE OF A PREVIOUS IF-STATEMENT

Zero address check for tokens

Pragma isn't specified correctly which can lead to nonfunction/damaged contract when deployed on Arbitrum

[I-10] Functions not used internally could be marked external

Reentrancy guard and nonReentrant modifier not required.

Refactor `inState` modifier for high gas savings

Calling `ExpiringMarket.stop` and `ExpiringMarket.isClosed` functions cannot pause any functionlities of the market