Exchange Rate Manipulation via Uniswap V3 Spot Price Dependency in LP Valuation

Owner Can Steal Vault Funds via removeTokenIdAtIndex Accounting Manipulation

JDola ERC-4626 `max*` Functions Do Not Account for Internal Vault Limits

Integer Division Rounding Enables Free Token Theft in Token Swaps

Attacker can zero out pending staking rewards through minimal stake manipulation

Multiple Pools Drain Staking Rewards via Missing Canonical Pool Enforcement

Per-Trade Epoch Anchoring Enables 100% Cashback Overpayment via Timing Manipulation

First staker after idle period captures all emissions from zero‑stake interval

Retroactive Mint Rate Application Violates Global Emission Rate Integrity

Hard-coded 6-Decimal Assumption Causes Catastrophic Reward Miscalculation on BNB Chain

Incentive Front-Loading Due to Incorrect Time Reference in Reward Accrual

Fee Under-Collection in Exact-Output Swaps with Fee-from-Output

Ineffective transferVaultBalance Function Cannot Migrate Real Vault Balances

NFTManager tokenURI() Reverts Due to Incorrect Diamond Storage Access

ViewWalker Cross-Assignment Bug Causes Incorrect Fee Calculations

Unauthorized Access via Spoofed ControlTower Authorization

WUSR Mint Function Overcredits Users Due to Misuse of ERC4626 `previewMint

Missing receive() Functions Break ETH Zap Functionality

Reward Backlog Accumulation Bug Allows First Stakers After Idle Periods to Steal Rewards