Incorrect tick range in vesting position fee collection leads to transaction revert

Integer overflow in observation index calculation leads to denial of service

Incorrect max leverage calculation in liquidation check delays necessary position liquidations

Incorrect collateral value calculation allows bypassing leverage limits

Incorrect modulo calculation in secondary position ticks leads to active position and division by zero

Infinite loop in path parsing leads to broken core contract functionality for opening leveraged positions with multiple pool swaps

Faulty Gauge Weight Update Formula: Voting Power Delta Not Considered Leading to Arithmetic Underflow and Vote Weight Inconsistency

`BaseGauge` users can claim rewards without staking

Gauge period cannot be updated

Multiple issues from unnecessary balance increase calculation in DebtToken.mint

Reward manipulation vulnerability in StabilityPool

RToken's transfer function lead to loss of funds due to incorrect math

NFTs Get Permanently Locked in Stability Pool After Liquidation

Double Usage Index Scaling in StabilityPool Liquidation Inflates Required CRVUSD Balance

Ownership Parameter Mismatch in LendingPool’s Vault Withdrawal Logic

Multiple calls to `BaseGauge::notifyRewardAmount()` override existing reward rate, causing loss of rewards for stakers

Gauge reward period can be extended indefinitely

Incorrect utilization rate forces protocol to issue maximum rewards indefinitely

LendingPool::getNormalizedIncome() returns stale liquidity index

Using balanceOf Instead of Voting Power

`RToken::calculateDustAmount` are incorrectly calculated, leading to not be able to transfer the accrued dust amount

LendingPool.getUserDebt returns outdated value and can lead to liquidation failure

Liquidations are enabled when repayments are disabled, causing borrowers to lose funds without a chance to repay

Owner Can Change Vote Results After Voting Ends by Updating Quorum Numbers for New proposals

Paused Protocol Prevents Critical Functions Including Debt Repayment and Liquidations

Missing Debt Token Supply Sync Leads to Incorrect Interest Rate Calculations

Incorrect Initialization of minBoost in BaseGauge Constructor Breaks Core Contract Functionality

Insufficient ETH Forwarding in Governance Execution Mechanism Causes Proposal Failures

The wrong increased amount of `marketFunds` in `buyVotes` will lead to withdrawal of a higher amount of ETH when calling `withdrawGraduatedMarketFunds`

Inconsistency in charging the protocol fee in `_acceptOffer`, `matchProposals` with `acceptLoanOfferAndFillOrder`, `auction`, `_refinance`

A borrower can not repay to a USDC blacklisted lender

The incorrect accounting of protocol fee will cause double charging fee and wrong distribution of earnings for variable users

Wrong owner initialization in incentive contracts will cause owner functions to be unusable

Unrestricted `referralFee` will cause the protocol can not receive `claimFee` as a boost creator will set `boost.referralFee` to `100%`

Incentive contracts can not be initialized with Fee on Transfer tokens

`incentiveId_` is not included in the hash that is signed by the validator will allow anyone to claim for a user

A NFT's `_balances` is not updated during liquidation will cause `_balances` and `_totalSupply` to report a stale value

Incorrect deduction of `accruedToTreasuryShares` from `totalSupply.supplyShares` in `executeMintToTreasury` will cause broken accounting, insolvency

`POOL_ADMIN_ROLE` can set a pool's `interestRateStrategyAddress` to a bad address to cause loss of funds to a vault

An attacker can hijack the `CuratedVault`'s matured yield

Incorrect conversion between debt shares and supply collateral shares will cause incorrect calculation of liquidation rewards or debt deduction

Wrong calculation in `PositionBalanceConfiguration#getSupplyBalance` when `liquidityIndex > ray` will cause broken accounting

Different oracle's decimals will cause wrong calculation in `GenericLogic#calculateUserAccountData`

Wrong implementation of `CuratedVault#reallocate` when `allocation.assets = 0` will cause unknown frontrunning donations can not be withdrawn

`CuratedVault` is vulnerable to an inflation attack when 18 decimals token is used as an asset

In `NFTPositionManager`, `_totalSupply` and `_balances` will be stale when `borrowIndex` and `liquidityIndex` are increased

Missing a `updateInterestRates` step in `executeMintToTreasury`

Hardcoded oracle's heartbeat in `Pool` will cause using stale price in case of short heartbeat oracle and DoS in case of long heartbeat oracle

`borrowIndex` increases faster than `liquidityIndex` will cause the borrowers overpay their debt

Loss of funds for a user due to incorrect state updates while unstaking

Owner of a cancelled Sablier stream will be elegible for a full amount reward claim, due to a revert in `FjordStaking::onStreamCanceled(...)`

`_lockedETH` is not decreased in `WinnablesTicketManager#refundPlayers` will cause loss of funds to the owner when withdrawing ticket sales

In `WinnablesTicketManager`, an attacker can prevent CCIP messages in `cancelRaffle` and `propagateRaffleWinner` from being sent to `prizeManager` in the destination chain

An attacker can prevent the raffle from being created by exploiting permissionless raffle cancellation

Winnables admins can prevent a winner from withdrawing their prize

Admin can not deny roles to other users

A position that got blacklisted by USDC/USDT still can use USDC/USDT in its balance as an asset

In `SuperPool`, an attacker can move assets to a specific base pool

The maximum number of generations is infinite

Wrong minting logic based on total token count across generations

`Golden God` Tokens can be minted twice per generation

Incorrect ownership check in `BribeRewarder#_modify` will prevent `Voter` from calling `BribeRewarder#deposit`

Users can not claim from `BribeRewarder` when `Voter#getLatestFinishedPeriod()` is greater than `BribeRewarder#_lastVotingPeriod + 1`

Incorrect order when setting top pool's weight will cause the `LUM` rewards to mint more than expected

Missing `sweep` function will left residual bribe rewards stuck in `BribeRewarder`

Missing remaining lock time check for `lsNFT` in `Voter#vote` will allow users double voting at the end of locking period

Permissionless `BribeRewarder` registration will cause the bribing mechanism unavailable as an attacker will register `BribeRewarder`s with `_amountPerPeriod = 1 wei`

Incorrect ownership check in `MlumStaking#addToPosition` will cause locking user's funds more than a week as an attacker will call `MlumStaking#addToPosition` to user's position at the end of locking period

Rounding down `avgDuration` in `MlumStaking#addToPosition` allows users add `MLUM` to a position without extending `lockDuration` at the end of a locking period

Rounding to zero while calculating `debtPerShare` in `MasterChefRewarder`, `BribeRwarder` when the rewards is low decimals token will prevent the rewards from accruing as an attacker will update the rewards every block

Unclaimed rewards when emergency withdrawing are not redistributed in `MasterChef` and `MlumStaking`

Users won't liquidate positions because the logic used to calculate the liquidator's profit is incorrect

When `sellCreditMarket()` is called to sell credit for a specific cash amount, the protocol might receive a lower swapping fee than expected.

Multicall does not work as intended

LiquidateWithReplacement does not charge swap fees on the borrower

withdraw() users may can't withdraw underlyingBorrowToken properly

Possible DoS When calling `GammaTradeMarket::_removePosition` will cause user position to not be able to get liquidated

`StrategyPassiveManagerVelodrome`'s functionality would break when being initialized with a pool that has one of the trading tokens as a reward token

A malicious user can transfer an arbitrary amount of WETH from `LpVault` to `PortfolioVault` by staking native token as collateral