Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

Users can get their Kerosene stuck until TVL becomes greater than Dyad's supply

Balance check during MagicSpend validation cannot ensure that MagicSpend has enough balance to cover the requested fund.

Incorrect __Essential_init() function is used in TaikoToken making snapshooter devoid of calling snapshot()

Distribution can be bricked, and double claims by a few holders are possible when owner calls `LiquidInfrastructureERC20::setDistributableERC20s`

Users will lose their cross-chain transaction if the destination router do not have enough WETH reserves.

Permanent loss of tokens if swap data gets outdated

Unauthorized Access to setCurves Function

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

Withdrawing with amount = 0 will forcefully set name and symbol to default and disable some functions for token subject

If a user sets their curve token symbol as the default one plus the next token counter instance it will render the whole default naming functionality obsolete

Violation of ERC-721 Standard in VerbsToken:tokenURI Implementation

Bidder can use donations to get VerbsToken from auction that already ended.

Users staking via the `SurplusGuildMinter` can be immediately slashed when staking into a gauge that had previously incurred a loss

A safe that been created using version 1.40=< will not be compatible with Brahma

All tokens can be stolen from `VirtualAccount` due to missing access modifier

when funding the pool there can be a zero transfer of fee value

computing CR only works for collateral with 18 decimals value

If the strategy incurs a loss the Active Pool will stop working until the shortfall is paid out entirely

funding of bounties with erc20 tokens can be blocked

possible grief attack on bounty refund deposit call

Malicious strategy can lead to loss of funds

cool down time period is not properly respected for the `harvest` method

ERC20 tokens with special transfer are not handled correctly

MinipoolManager: node operator can avoid being slashed

Hijacking of node operators minipool causes loss of staked funds

`requireNextActiveMultisig` will always return the first enabled multisig which increases the probability of stuck minipools

Coding logic of the contract upgrading renders upgrading contracts impractical

Admin does not have to wait to call `lastResortTimelockOwnerClaimNFT()`

it's possible to swap NFT token ids without fee and also attacker can wrap unwrap all the NFT token balance of the Pair contract and steal their air drops for those token ids

Must approve 0 first

Centralization risks: owner can freeze withdraws and use timelock to steal all funds

A whale user is able to cause freeze of funds of other users by bypassing withdraw limit

Users do not receive owed tokens if `TokenSender` contract cannot cover their owed amount.

`LPDA` price can underflow the price due to bad settings and potentially brick the contract

Editions should be checked if they are actually deployed from the legitimate Escher721Factory

selfdestruct() will not be available after EIP-4758

Front-running admin setPrice call allows a single compromised oracle to set any price, allowing the oracle manipulator to drain all protocol funds

NTokenMoonBirds Reserve Pool Cannot Receive Airdrops

During oracle outages or feeder outages/disagreement, the `ParaSpaceFallbackOracle` is not used

Centralization risk: admin can with rug the project by removing asset and price manipulation on oracle.

MintableIncentivizedERC721 and NToken do not comply with ERC721, breaking composability

``checkOrder`` will invalidate any order by anyone

broken logic in configureGmxState() of PirexGmx contract because it doesn't properly call safeApprove() for stakedGmx address

PirexGmx.initiateMigration can be blocked

bull can unmatch an already matched order

Giant pools can be drained due to weak vault authenticity check

Owner can transfer all ERC20 reward token out using function recoverERC20

Chainlink oracle data feed is not sufficiently validated and can return stale `price`

Wrong slashing calculation rewards for operator that did not do his job

beforeTokenTransfer called with wrong parameters in LBToken._burn

It is possible that, after swapping, extra input token amount is transferred from user to pool but pool does not give user output token amount that corresponds to the extra input token amount

not able to create claim

The reveal process could brick if `randProvider` stops working

Users who deposit in one vault can lose all deposits and receive nothing when counterparty vault has no deposits

Tokens without properties can be minted and cannot be rendered