RIPEMD-160 precompile yields wrong hashes for large set of inputs due to off-by-one error

RIPEMD160 precompile crashes with a Cairo exception for some input lengths

Incorrect totalsupply value will be returned due to erroneous return data decode implementation

Jump in creation code leads to reverting of the starknet transaction

`LiquidationLogic@_burnCollateralTokens` does not account for liquidation fees when withdrawing collateral during liquidation leading to incorrect accounting and Pools insolvency

Interest rate is updated before updating the debt when repaying debt

Incorrect accounting when executing mint to treasury in withdrawals

Availability of deposit invariant can be bypassed

PositionAction.decreaseLever() fails to consider the loan fee in Flashlender when calculating loanAmount, as a result, the functionanlity will not work when protocolFee != 0.

Pagination is wrong in GetIdsOfActiveTopics

Broken invariant : the sum of all (delegateRewardsPerShare * delegated stake

Attacker can permanently DoS the chain by queuing a stake removal or a delegate stake removal with a negative amount

SetDelegateStakePlacement error is not handled in RewardDelegateStake

Anyone can override reputers and worker nodes information by using the same LibP2PKey

RemoveStakes and RemoveDelegateStakes silently handle errors in EndBlocker

Attacker can slow down / halt the chain by queuing multiple stake removals or delegate stake removals

Non deterministic iteration over maps in inference synthesis

SafeApplyFuncOnAllActiveEpochEndingTopics processes two more pages than the desired max topic page

Broken invariant : the sum of all (delegateRewardsPerShare * delegated stake

Mint and Emissions modules register errors with an error code of 1

Some Iterators are not closed in emissions module Keeper

RemoveDelegateStake silently handles the error when checking for existing removals

PriceFeed does not return to the correct price for quote pairs

Vaults can become immune from liquidation by setting `vault.recipient` to a blacklisted quote token address

Availability of deposit invariant can be bypassed

PositionAction.decreaseLever() fails to consider the loan fee in Flashlender when calculating loanAmount, as a result, the functionanlity will not work when protocolFee != 0.

Withdrawals logic allows MEV exploits of TVL changes and zero-slippage zero-fee swaps

DOS of `completeQueuedWithdrawal` when ERC20 buffer is filled

Deposits will always revert if the amount being deposited is less than the bufferToFill value

Design flaw and mismanagement in vault licensing leads to double counting in collateral ratios and positions collateralized entirely with kerosine

Users can get their Kerosene stuck until TVL becomes greater than Dyad's supply

setUnboundedKerosineVault not called during deployment, causing reverts when querying for Kerosene value after adding it as a Kerosene vault

The price of rsEHT could be manipulated by the first staker

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

Attacker can reenter to mint all the collection supply

Adversary can block `claimAuction()` due to push-strategy to transfer assets to multiple bidders

Vulnerability in burnToMint function allowing double use of NFT

The RandomizerVRF and RandomizerRNG not produce hash value.

Borrower has no way to update `maxTotalSupply` of `market` or close market.

All tokens can be stolen from `VirtualAccount` due to missing access modifier

If RootBridgeAgent.lzReceiveNonBlocking reverts internally, the native token sent by relayer to RootBridgeAgent is left in RootBridgeAgent

EIP-1167 is not supported on zkSync Era

Incorrect strategy poolAmount for pools using fee on transfer tokens

Cached `DOMAIN_SEPARATOR` is incorrect for tranche tokens potentially breaking permit integrations

The peg stability module can be compromised by forcing lowerDepeg to revert.