The calculation of `totalAssets()` could be wrong if `operatorFeeAmount` > 0, this can cause potential loss for the new depositors

User can earn rewards by frontrunning the new rewards accumulation in Ron staking without actually delegating his tokens

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

`mintToken()`, `mintWithBudget()`, and `forge()` in the `TraitForgeNft` Contract Will Fail Due to a Wrong Modifier Used in `EntropyGenerator.initializeAlphaIndices()`

The maximum number of generations is infinite

Number of entities in generation can surpass the 10k number

Wrong minting logic based on total token count across generations

There is no slippage check in the `nuke()` function.

Pause and unpause functions are inaccessible

Market Disruption and Financial Loss Post-Liquidation

Insufficient checks to confirm the correct status of the sequencerUptimeFeed

A malicious User can DOS all offchain orders making them unexecutable and leaving the protocol in an insolvent state. Also all offchain Trades can also be DOSed for honest parties that do not meet the fillorder requirements (no try and catch)

An Uninitialized Variable In The `MarketConfiguration::update` Function Causes The `PrepMarket::getIndexPrice` Function To Revert

Incorrect liquidatable checking for market order creation

Functions calling `verifyReport` to verify offchain prices from chainlink will fail

Liquidation of accounts collateral not posible because some chainlink price feed doesn't exist or are marked as medium risk by chainlink

Attacker can abuse the system by modifying the collateral of pending orders

payable Modifier in TradingAccountBranch::createTradingAccountAndMulticall

UpgradeBranch.sol does not use _disableInitializers()

Users won't liquidate positions because the logic used to calculate the liquidator's profit is incorrect

Borrower is not able to compensate his lenders if he is underwater

Size uses wrong source to query available liquidity on Aave, resulting in borrow and lend operations being bricked upon mainnet deployment

Users can not to buy/sell minimum credit allowed due to exactAmountIn condition

ThorChain will be informed wrongly about the unsuccessful ETH transfers due to the incorrect events emissions

A malicious user can steal money out of the vault and other users

Due to the use of `msg.value` in for loop, anyone can drain all the funds from the `THORChain_Router` contract

Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens

Incorrect withdraw queue balance in TVL calculation

Withdrawals of rebasing tokens can lead to insolvency and unfair distribution of protocol reserves

Withdrawals logic allows MEV exploits of TVL changes and zero-slippage zero-fee swaps

ETH withdrawals from EigenLayer always fail due to `OperatorDelegator`'s nonReentrant `receive()`

Lack of slippage and deadline during withdraw and deposit

`calculateTVL` may run out of gas for modest number of operators and tokens breaking deposits, withdrawals, and trades

Fixed hearbeat used for price validation is too stale for some tokens

Withdrawals and Claims are meant to be pausable, but it is not possible in practice

All staked users will not receive rewards if they are with low token decimals

All staked users rewards can be slowed down by anybody

Allowances block the protocol from adding liquidity to uniswap pools

Attacker can skip the distribution of yield from OCL locker for the month

Valid redemption proposals can be disputed by decreasing collateral

Using cached price to create a proposal reduce the efficacity of redemptions for asset peg

Attacker can reenter to mint all the collection supply