Logical error in `validate_fees_are_paid` can cause a DoS or allow users to bypass fees if `denom_creation_fee` includes multiple coins including `pool_creation_fee` and the user attempts to pay all fees using only `pool_creation_fee`

Liquidity providers can lose tokens due to disproportionate deposits not being properly handled

`withdraw_liquidity` lacks slippage protection

Penalty fees can be shared among future farms or expired farms, risks of exploits

`ChakraSettlement.receive_cross_chain_msg` and `ChakraSettlement.receive_cross_chain_callback` functions do not ensure that receiving `ChakraSettlement` contract's `contract_chain_name` must match `to_chain` corresponding to respective `txid` input though

Anyone can manipulate user nonce (nonce_manager) in settlement contract

SettlementSignatureVerifier is missing check for duplicate validator signatures

In Starknet already processed messages can be re-submitted and by anyone

Invalid token address used in `ChakraSettlementHandler::cross_chain_erc20_settlement(...)` leading to invalid transaction creation and event emission

inconsistency in sender address when creating cross chain messages on Starknet can lead to loss of funds

Axelar cross chain token transfers balance tracking logic is completely broken for rebasing tokens and the transfers of these type of tokens can be exploited

Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens

Invalid validation allows users to unlock early

RewardRouter.distributeRewards's slippage protection isn't correct when alETH is used as debtToken

`ZivoeRewardsVesting.depositReward` and `ZivoeRewards.depositReward` lack of permission check and parameter check.

`OCL_ZVE.pushToLockerMulti` might be DOSed

Precision loss in `OCC_Modular.applyCombine`

malicious user can steal his collateral back after he wins the auction

`IJalaPair.permit` hasn't been implementation

`Vault._state.liquidity.totalDeposit` can avoid being decreased.

`YoloV2.depositETHIntoMultipleRounds` lacks of checking if `amounts` containing **0 value** element

MinShares Slippage Parameters Are Ineffective For Initial Deposit

Attacker Can Inflate LP Position Value To Create a Bad Debt Loan

Attacker can take advantage of Chainlink price not occuring within it's 60 minute heartbeat to make PriceAggregator calls fail

Adversary can prevent updating price feed addresses by creating poisonous proposals ending in `_confirm`

SALT staker can get extra voting power by simply unstaking their xSALT

Unwhitelisting does not clear _arbitrageProfits, so re-whitelisting may result in an unfair distribution of liquidity rewards.

Remove Liquidity has missing reserve1 DUST check, which can make reserve1 to be less than DUST

Impossible to change managed wallets with `proposeWallets` after first rejection

Whitelised accounts can be forcefully DoSed from buying curveTokens during the presale

Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`

Unauthorized Access to setCurves Function

onBalanceChange causes previously unclaimed rewards to be cleared

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

Withdrawing with amount = 0 will forcefully set name and symbol to default and disable some functions for token subject

If a user sets their curve token symbol as the default one plus the next token counter instance it will render the whole default naming functionality obsolete

Users staking via the `SurplusGuildMinter` can be immediately slashed when staking into a gauge that had previously incurred a loss

`BalancerPoolTokenPrice.getStablePoolTokenPrice` calculates price incorrectly

`BunniPrice.getBunniTokenPrice` calculates price incorrectly

No slippage protection for Market functions

The price of rsEHT could be manipulated by the first staker

Update in strategy will cause wrong issuance of shares

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

users still forced to follow previously set cooldownDuration even when cooldown is off (set to zero) before unstaking

Lenders can escape the blacklisting of their accounts because they can move their MarketTokens to different accounts and gain the WithdrawOnly Role on any account they want

Borrower has no way to update `maxTotalSupply` of `market` or close market.

Incorrect source address decoding in RootBridgeAgent and BranchBridgeAgent's _requiresEndpoint breaks LayerZero communication

Incorrect flag results to _hasFallbackToggled always set to false on createMultipleSettlement.

When using BaseBranchRouter as a router on the 'Arbitrum' branch, we are unable to invoke the 'callOutAndBridge' function.

The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP

`UniV3LiquidityAMO::recoverERC721` will cause `ERC721` tokens to be permanently locked in `rdpxV2Core`

Inaccurate swap amount calculation in ReLP leads to stuck tokens and lost liquidity

Change of `fundingDuration` causes "time travel" of `PerpetualAtlanticVault.nextFundingPaymentTimestamp()`

`extractTAP()` function can allow minting an infinite amount in one week, leading to a DoS attack in `emitForWeek()`

CompoundStrategy `_currentBalance` uses `exchangeRateStored` which is leaks value

token mights stuck in MagnetarMarketModule contract if the asset doesn't support cross-chain operation

Missing deadline checks allow pending transactions to be maliciously executed

all deposit and withdraw function in Convex and Curve nativeLP Strategy, apply slippage on internal pricing; which call real-time on chain price from Curve directly and subject to MEV

`_getDiscountedPaymentAmount` doesn't work for tokens with more than 18 decimals

User can steal tokens by using duplicated ERC20 tokens as parameter in NounsDAOLogicV1Fork.quit

`UlyssesToken` asset ID accounting error

Multiple issues with decimal scaling will cause incorrect accounting of hTokens and underlying tokens

RestakeToken function is not permissionless

Protocol fees can become trapped indefinitely inside Talos vault contracts

BranchBridgeAgent._normalizeDecimalsMultiple will always revert because of lacking of allocating memory

Approval Race Protections

Deprecated Chainlink oracle API

Chainlink oracle missing check to see if the L2 sequencer is down

Bad Debt in PoolLens.sol#getPoolBadDebt() is not calculated correctly in USD

ERC20 return values not checked

FootiumClub.safeMint should use ERC721Upgradeable._safeMint instead of ERC721Upgradeable._mint

A malicious user can steal lender's token by front run TellerV2.lenderAcceptBid with little cost

function `restructureCapTable()` in Equity.sol not functioning as expected

Reward accounting is incorrect in BathBuddy contract

Some offers can't be cancelled

Low level calls to accounts with no code will succeed in `FeeWrapper`

Staking, unstaking and rebalanceToWeight can be sandwiched (Mainly rETH deposit )

`WstEth` derivative assumes a ~1=1 peg of stETH to ETH

Division before multiplication truncate minOut and incurs heavy precision loss and result in insufficient slippage protection

Residual ETH unreachable and unuitilized in SafEth.sol

Bio Protocol - `tokenURI` JSON injection

RootBridgeRelay.bridgeTransfer might not working

Carousel.enlistInRollover will overwrite ownerToRollOverQueueIndex incorrectly if ownerToRollOverQueueIndex already exists

User can lose up to whole stake on vault withdrawal when there are funds locked in the strategy

DOS any Staking contract with Arithmetic Overflow

Owner can collect management fees with a new increased fee for previous time period.

Anyone can reset fees to 0 value when Vault is deployed