NFTPositionManager's `repay()` and `repayETH()` are unavailable unless preceded atomically by an accounting updating operation

`Allocator` request for full pool withdrawal produce no withdrawal at all that leads to funds misallocation

`repayBorrowWithERC20Permit()` functions use incorrectly scaled accumulated interest value

UserManager's `debtWriteOff()` updates `_totalStaked` incorrectly

Minimum borrow amount can be surpassed and borrower can be treated as being overdue earlier than their actual overdue time

`updateLocked()` locks a rounded down value

Users won't liquidate positions because the logic used to calculate the liquidator's profit is incorrect

The collateral remainder cap is incorrectly calculated during liquidation

Fragmentation fee is not taken if user compensates with newly created position

`executeBuyCreditMarket` returns the wrong amount of cash and overestimates the amount that needs to be checked in the variable pool

Credit can be sold forcibly as `forSale` setting can be ignored via Compensate

Neither `sellCreditMarket‎()` nor `compensate‎()` checks whether the credit position to be sold is allowed for sale

Users can not to buy/sell minimum credit allowed due to exactAmountIn condition

Rewards can be stolen from other proposals and votes by extending auction revenue period with the help of bogus proposals

Eligibility of cancelled proposals makes it possible for `proposalEligibilityQuorumBps` controlling actor to create multiple eligible proposals, stealing rewards from all others

Rewards can be allocated for less than minimal reward period with the help of bogus proposal

TOFTOptionsReceiverModule will have the user lose the whole output TAP when requested to exercise all eligible options

Liquidation fees are permanently frozen on Penrose YB account

`totalBorrow.elastic` and `totalBorrow.base` aren't updated in BB and SGL regular liquidations

TOFTOptionsReceiverModule miss cross-chain transformation for deposit and lock amounts

Malicious MarketHelper contract can be used in TOFTMarketReceiverModule's leverageUpReceiver and marketRemoveCollateralReceiver functions

BBLeverage's and SGLLeverage's `buyCollateral()` remove the required funds from the target twice

Allowances is double spent in BBLeverage's and SGLLeverage's `sellCollateral()`

Operation residual is lost for the user of BBLeverage's and SGLLeverage's `sellCollateral()`

Leverage operations of ETH market change debt, but do not accrue linked BB markets, corrupting their interest rate accrual logic

mTOFT's fees cannot be paid on native wrapping

TOFTOptionsReceiverModule's and UsdoOptionReceiverModule's exerciseOptionsReceiver can lose the option payment provided

SGL and BB repay do not round up both on allowance spending and elastic amount

Leverage borrowing with stale rate can atomically create bad debt with no prior positions and no investment

Balancer rebalance operation is permanently blocked whenever owner assigns `rebalancer` role to some other address

Unpausing with accrue timestamp reset can remove the accrual between last recorded accrue time and pausing time

Subsequent takes increase next kicker reward, allowing total kicker reward to be artificially amplified by splitting take into a batch

Reserves can be stolen by settling artificially created bad debt from them

Settlement can be called when auction period isn't concluded, allowing HPB depositors to game bad debt settlements

LUP is not recalculated after adding kicking penalty to pool's debt, so kick() updates the pool state with an outdated LUP

Debt write off can be prohibited by HPB depositor by continuously allocating settlement blocking dust deposits in the higher buckets

Pool's kickWithDeposit misses liquidation debt check

kickWithDeposit removes the deposit without HTP pool state check

moveQuoteToken updates pool state using intermediary LUP, biasing pool's interest rate calculations

Due to excessive HTP check moveQuoteToken can be unavailable for big deposits

Limit index isn't checked in repayDebt, so user control is void

LenderActions's moveQuoteToken can create a total debt undercoverage

Delegation rewards are not counted toward granting fund

PositionManager's moveLiquidity can set wrong deposit time and permanently freeze LP funds moved

PositionManager's moveLiquidity can freeze funds by removing destination index even when the move was partial

It is possible to steal the unallocated part of every delegation period budget

Rogue plugin can become unremovable and halt all staking and claiming

StakingModule's stakedByAt() can report erroneous values

Account that is affiliated with a plugin can sometimes evade slashing

Vault's withdrawFromProtocol incorrectly scales amount to be withdrawn

Vault rewards withdrawal swapping is subject to sandwich attack

Reward part of yield is permanently frozen for Providers other than Compound

CompoundProvider's balanceUnderlying and calcShares outputs are scaled incorrectly

IdleProvider's balanceUnderlying and calcShares outputs are misscaled by up to 10^12

Vault can lose rewards due to lack of precision

YearnProvider freezes yearn tokens on partial withdrawal

Any tokens can be stolen via withdraw from YearnProvider and AaveProvider balances

Vault's savedTotalUnderlying tracks withdrawn funds incorrectly

There is no price conversion between vault token and provider underlying token amounts in withdrawFromProtocol

minimumPull Vault parameter cannot be adjusted

Funds can be frozen on protocol blacklisting

IdleProvider overstates balanceUnderlying() and understates calcShares()

Vault withdraws always more from CompoundProvider and understates its holdings as stale exchangeRateStored value is used for valuation

Rebalancing can become unavailable when Aave pool has liquidity shortage

Beta pools performance isn't accounted for in player rewards

If Connext don't use all allowance and token employs approval race protection the cross chain functionality can become stuck

Current period profit can be extracted from the Vault by front running state change before exchange rate recalculation

Native funds sent with pushVaultAmounts and sendFundsToVault can be lost

Rebalancing breaks and can corrupt the accounting if amountToProtocol or amountToChain turn negative

Rewards will be locked in LQTYStaking Contract

User can lose up to whole stake on vault withdrawal when there are funds locked in the strategy

Staker can perform rewards withdrawal every overdueBlocks less 1 and have zero frozenCoinAge

Staker can manipulate lockedCoinAge and earn rewards in excess of the allowed maximum

UserManager's cancelVouchInternal breaks up voucher accounting on voucher removal

Market adapter removal corrupts withdraw sequence

Remaining collateral used by ERC721Pool is missed in Auctions take and bucketTake return structures

ERC721Pool's mergeOrRemoveCollateral allows to remove collateral while auction is clearable

removeCollateral miss bankrupcy logic and can make future LPs sharing losses with the current ones

scaledQuoteTokenAmount isn't updated to be collateral sell value in the quote token constraint case of _calculateTakeFlowsAndBondChange

RewardsManager doesn't delete old bucket snapshot info on unstaking

ERC721Pool's take will proceed with truncated collateral amount and full debt when borrower's collateral is fractional

Interest rates can be raised above the market as a griefing, disabling the pool

Flashloan end result isn't controlled

Deposits are eliminated before currently unclaimed reserves when there is no reserve auction

Settled collateral of a borrower aren't available for lenders until borrower's debt is fully cleared

ERC721Pool taker callback misreports quote funds whenever there was collateral amount rounding

If borrower or kicker got blacklisted by asset contract their collateral or bond funds can be permanently frozen with the pool

NFTFloorOracle's asset and feeder structures can be corrupted

NFTFloorOracle's assets will use old prices if added back after removal

setMinUSDC and setMinCrab can be front-run to bloat deposit and withdraw arrays

Netting and withdraw auction can be frozen permanently

External checkOrder can be used to invalidate any order, preventing the auction

debtToMint incorrectly treats feeAdjustment decimals

Precision is lost in depositAuction and withdrawAuction user amount due calculations

FeeBuyback submit may end up being blocked for some ERC20

Native funds can be lost by submit() as msg.value isn't synchronized with amount

Public to all funds escape

Yield, Swivel, Element, APWine and Sense lend() are subject to reentracy resulting in Illuminate PT over-mint

There are no Illuminate PT transfers from the owner in ERC5095's withdraw and redeem before maturity

No returning of premium if there is no swap to PT

Sense redeem is unavailable and funds are frozen for underlyings whose decimals are smaller than the corresponding IBT decimals

External PT redeem functions can be reentered to double count the received underlying funds

Unlimited mint of Illuminate PTs is possible whenever any market is uninitialized and unpaused

Slippage control is rendered void by misusing asset amount to be sold as a slippage base

Converter cannot be changed in Redeemer

repayBorrow is inaccessible by overdue borrowers

Stakers will lose their rewards as updateLocked() updates only the first active vouches until there is a prepayment

repayBorrow calls wrong frozen info update for overdue repayments

UNION rewards issuance can be maximized without providing credit

Staker rewards can be gathered with maximal multiplier no matter how borrowers are overdue

Stakers can have their funds locked for an extended period not related to the performance of their borrowers

Vouchers and vouchees indices become corrupted by UserManager's cancelVouch

Maximal approvals remain for the AssetManager's adapters and tokens after removal

It's impossible to writing off any vouch fully for an outside actor

Partial withdrawals by AssetManager lead to user funds freeze

Priority withdrawal sequence array will grow infinitely over time

Unit isn't recalculated on curve modification with setCurvePoint

Maximum duration multiplier can be forced for lock amount increase

Rewards can be retrieved in a almost flash loan manner

An attacker can gain an inflated amount of Sherlock shares by staking when TrueFiPool2 pool has its value temporary reduced during loan closure

Griefing attack is possible via TrueFi borrowing

Variable balance token causing fund lock and loss

Can Recover Gobblers Burnt In Legendary Mint

Incorrect handling of pricefeed.decimals()

Griefing attack on the Vaults is possible, withdrawing the winning side stakes

Risk users are required to payout if the price of the pegged asset goes higher than underlying

Different Oracle issues can return outdated prices

Previously nominated delegate can reset the delegation

MetaStable2TokenAuraVault allows only up to 1bp weight for Balancer TWAP oracle

TwoTokenPoolUtils's _getOraclePairPrice produces incorrect oraclePairPrice when balancerOracleWeight is set to be bigger than BALANCER_ORACLE_WEIGHT_PRECISION

ERC721Votes's delegation disables NFT transfers and burning

`ERC721Votes`: Token owners can double voting power through self delegation

NFT owner can block token burning and transfer by delegating to zero address

Proposals can be bricked and Auctions stalled by bad settings

Index out of bounds error when properties length is more than attributes length breaks minting

UniV2LPOracle's getPrice() is incorrect for pairs with underlying tokens whose decimals aren't 18

LToken's and LEther's first depositor can depress shares denomination

[NAZ-M1] Chainlink's `latestRoundData` Might Return Stale Results

Moving average precision is lost

Builder can call `Community.escrow` again to reduce debt further using same signatures

New subcontractor can be set for a SCConfirmed task without current subcontractor consent

transfer() depends on gas consts

Division rounding can make fraction-price lower than intended (down to zero)

Migration::withdrawContribution falsely assumes that user should get exactly his original contribution back

Malicious User Could Burn The Assets After A Successful Migration

Use of `payable.transfer()` may lock user funds

Migration total supply reduction can be used to remove minority shareholders

ORACLE DATA FEED CAN BE OUTDATED YET USED ANYWAYS WHICH WILL IMPACT ON PAYMENT LOGIC

Use a safe transfer helper library for ERC20 transfers

Discounted fee calculation is imprecise and calculates less fees than anticipated

Zero strike call options can be systemically used to steal premium from the taker

`fillOrder()` and `exercise()` may lock Ether sent to the contract, forever

Zero strike call options will avoid paying system fee

Malicious Token Contracts May Lead To Locking Orders

Ineffective TWAV Implementation

Unable to redeem from Notional

Able to mint any amount of PT

Funds may be stuck when `redeeming` for Illuminate

Illuminate PT redeeming allows for burning from other accounts

[H-05] Not minting iPTs for lenders in several lend functions

Principal types in Illuminate and Yield lending are mixed up

Sandwich attacks are possible as there is no slippage control option in Marketplace and in Lender yield swaps

`_harvest` has no slippage protection when swapping `auraBAL` for `AURA`

`canExecTakeOrder` mismatches `makerOrder` and `takerItems` when duplicated items present

Accumulated ETH fees of InfinityExchange cannot be retrieved

`_transferNFTs()` succeeds even if no transfer is performed

Transferring any amount of the underlying token to the CNote contract will make the contract functions unusable

CNote updates the accounts after sending the funds, allowing for reentrancy

Did Not Approve To Zero First Causing Certain Token Transfer To Fail

BridgeFacet's _executePortalTransfer ignores underlying token amount withdrawn from Aave pool

Booster's shutdownPool can freeze user funds

ExtraRewardStashV2's stashRewards can become unavailable

User rewards stop accruing after any _writeCheckpoint calling action

VotingEscrow's merge and withdraw aren't available for approved users

Malicious user can populate `rewards` array with tokens of their interest reaching limits of `MAX_REWARD_TOKENS`

Rewards aren't updated before user's balance change in Gauge's withdrawToken

Gauge set can be front run if bribe and gauge constructors aren't run atomically

Truncation in `OrderValidator` can lead to resetting the fill and selling more tokens

The check for value transfer success is made after the return statement in _withdrawFromYieldPool of LidoVault

Title: Yield can be unfairly divided because of MEV/Just-in-time stablecoin deposits

ConvexCurveLPVault's _transferYield can become stuck with zero reward transfer

User will lose funds

ConvexMasterChef's deposit and withdraw can be reentered drawing all reward funds from the contract if reward token allows for transfer flow control

registerAsset misuse can permanently disable TransmuterBuffer and break the system

TransmuterBuffer's setAlchemist will freeze deposited funds

TransmuterBuffer's _alchemistWithdraw use hard coded slippage that can lead to user losses

New gALCX token denomination can be depressed by the first depositor

Alchemist can mint `AlTokens` above their assigned ceiling by calling `lowerHasMinted()`

EthAssetManager and ThreePoolAssetManager don't control Meta tokens decimals

YearnTokenAdapter's wrap can become stuck as it uses one step approval for an arbitrary underlying

SpeedBumpPriceGate: Excess ether did not return to the user

PermissionlessBasicPoolFactory's withdraw can become frozen on zero reward token transfers

safeTransferFrom is recommended instead of transfer (1)

amount requires to be updated to contract balance increase (1)

ERC20 tokens with different decimals than 18 leads to loss of funds

The owner can mint all of the NFTs.

SuperVault's leverageSwap and emptyVaultOperation can become stuck

Avoidance of Liquidation Via Malicious Oracle

The return value `success` of the get function of the INFTOracle interface is not checked

Critical Oracle Manipulation Risk by Lender

Mistake while checking LTV to lender accepted LTV

Chainlink's latestRoundData might return stale or incorrect results

`call()` should be used instead of `transfer()` on an `address payable`

FlywheelCore's setFlywheelRewards can remove access to reward funds from current users

IndexLogic: An attacker can mint tokens for himself using assets deposited by other users

StakedCitadel depositors can be attacked by the first depositor with depressing of vault token denomination

[WP-H3] `saleRecipient` can rug buyers

Funding.deposit() doesn't work if there is no discount set

yVault: First depositor can break minting of shares

The noContract modifier does not work as expected.

Chainlink pricer is using a deprecated API

Not calling `approve(0)` before setting a new approval causes the call to revert when used with Tether (USDT)

NonCustodialPSM can become insolvent as CPI index rises

CoreCollection can be reinitialized

DoS: `claimForAllWindows()` May Be Made Unusable By An Attacker

Centralisation RIsk: Owner Of `RoyaltyVault` Can Take All Funds

CoreCollection's token transfer can be disabled

cooldown is set to 0 when the user sends all tokens to himself.

WithdrawFacet's withdraw calls native payable.transfer, which can be unusable for DiamondStorage owner contract

Should prevent users from sending more native tokens in the `startBridgeTokensViaCBridge` function

DexManagerFacet: batchRemoveDex() removes first dex only

cBridge integration fails to send native tokens

ERC20 bridging functions do not revert on non-zero msg.value

Anyone can get swaps for free given certain conditions in `swap`.

`msg.value` is Sent Multipletimes When Performing a Swap

Arbitrary code can be run with Controller as msg.sender

Spreads can be minted with a deactivated oracle

[WP-H4] Deleting `nft Info` can cause users' `nft.unpaidRewards` to be permanently erased

[WP-H17] Users will lose a majority or even all of the rewards when the amount of total shares is too large, due to precision loss

[WP-H23] Improper `tokenGasPrice` design can overcharge user for the gas cost by a huge margin

Manipulation of the Y State Results in Interest Rate Manipulation

An offer made after auction end can be stolen by an auction winner

Escrowed NFT can be stolen by anyone if no active buyPrice or auction exists for it

denial fo service

Assets sent from MarginAccount to InsuranceFund will be locked forever

Blocking of the VUSD withdrawals is possible if the reserve token doesn't support zero value transfers

ClearingHouse margin calculations will break up if an AMM returning non-6 decimals positions be white listed

Liquidations can be run on the bogus Oracle prices

[WP-M2] Wrong implementation of `TurboSafe.sol#less()` may cause boosted record value in TurboMaster bigger than actual lead to `BoostCapForVault` and `BoostCapForCollateral` to be permanently occupied

Send ether with call instead of transfer.

Wrong slippage check

SafeERC20.sol is imported but not used in the transferBribes() function

Basis points constant BPS_MAX is used as minimal fee amount requirement

Collect modules can fail on zero amount transfers if treasury fee is set to zero

Zero collection module can be whitelisted and set to a post, which will then revert all collects and mirrors with PublicationDoesNotExist

Passing multiple ETH deposits in orders array will use the same msg.value many times

`NestedFactory` does not track operators properly

StakedCitadel depositors can be attacked by the first depositor with depressing of vault token denomination

[WP-H3] `saleRecipient` can rug buyers

Funding.deposit() doesn't work if there is no discount set

Repeated Calls to Shelter.withdraw Can Drain All Funds in Shelter

StakingRewards.setRewardsDuration allows setting near zero or enormous rewardsDuration, which breaks reward logic

ConvexStakingWrapper deposits and withdraws will frequently be disabled if a token that doesn't allow zero value transfers will be added as a reward one

Oracle data feed is insufficiently validated.

`sNOTE.sol#_mintFromAssets()` Lack of slippage control

OpenLevV1Lib's and LPool's doTransferOut functions call native payable.transfer, which can be unusable for smart contract calls

OpenLevV1.closeTrade with V3 DEX doesn't correctly accounts fee on transfer tokens for repayments

UniswapHelper.buyFlanAndBurn is a subject to sandwich attacks

Lack of access control in the `parameterize` function of proposal contracts

ERC20 return values not checked

tokenBalanceOfAddress of nftOwner becomes permanently incorrect after arbRestake

updateYieldStrategy will freeze some funds with the old Strategy if yieldStrategy fails to withdraw all the funds because of liquidity issues

[WP-H1] The value of LP token can be manipulated by the first minister, which allows the attacker to dilute future liquidity providers' shares

Vaults with non-UST underlying asset vulnerable to flash loan attack on curve pool

Manipulation of the Y State Results in Interest Rate Manipulation

Covering impermanent loss allows profiting off asymmetric liquidity provision at expense of reserve holdings

Mixing different types of LP shares can lead to losses for Synth holders

Using single total native reserve variable for synth and non-synth reserves of VaderPoolV2 can lead to losses for synth holders

LPs of VaderPoolV2 can manipulate pool reserves to extract funds from the reserve.

SHOULD CHECK RETURN DATA FROM CHAINLINK AGGREGATORS

A vault can be locked from MarketplaceZap and StakingZap

NFTXSimpleFeeDistributor._sendForReceiver doesn't return success if receiver is not a contract

NFTXVaultFactoryUpgradeable implementation can be replaced in production breaking the system

NFTXStakingZap and NFTXMarketplaceZap's transferFromERC721 transfer Cryptokitties to the wrong address

transfer return value is ignored

SingleNativeTokenExitV2 assumes first exchange holds the outputToken

Function `joinTokenSingle` in `SingleTokenJoin.sol` and `SingleTokenJoinV2.sol` can be made to fail

SavingsAccount withdrawAll and switchStrategy can freeze user funds by ignoring possible strategy liquidity issues

CreditLine.liquidate doesn't transfer borrowed ETH to a lender

recoverTokens doesn't work when isSale is true

Reward token not correctly recovered

Wrong calculation of excess depositToken allows stream creator to retrieve `depositTokenFlashloanFeeAmount`, which may cause fund loss to users

Any arbitraryCall gathered airdrop can be stolen with recoverTokens

Frontrunning in UniswapHandler calls to UniswapV2Router

AbstractRewardMine.sol#setRewardToken is dangerous

MiningService.setBonding should use BONDING role instead of REINVESTOR one

Fee double counting for underwater positions

Passing multiple ETH deposits in orders array will use the same msg.value many times

`NestedFactory` does not track operators properly

Covering impermanent loss allows profiting off asymmetric liquidity provision at expense of reserve holdings

Mixing different types of LP shares can lead to losses for Synth holders

Using single total native reserve variable for synth and non-synth reserves of VaderPoolV2 can lead to losses for synth holders

LPs of VaderPoolV2 can manipulate pool reserves to extract funds from the reserve.

Anyone Can Arbitrarily Call `FSDVesting.updateVestedTokens()`

Overwrite benRevocable

WrappedIbbtcEth contract will use stalled price for mint/burn if updatePricePerShare wasn't run properly

WrappedIbbtc and WrappedIbbtcEth contracts do not filter out price feed outliers

Rebalance will fail due to low precision of percentages