Reentrancy Vulnerability Allows Bypass of Cooldown, Leading to Unfair Reward Extraction Through Flash Loan

`shareBalance` bloating eventually blocks curator rewards distribution

Signature replay in `createArt` allows to impersonate artist and steal royalties

Attacker can DOS user from selling shares of a credId

Users won't liquidate positions because the logic used to calculate the liquidator's profit is incorrect

Fragmentation fee is not taken if user compensates with newly created position

Users can not to buy/sell minimum credit allowed due to exactAmountIn condition

Multicall does not work as intended

`AccountingManager#totalWithdrawnAmount` should reflect tokens actually transferred to users, instead of expected transfers

First depositor can make subsequent depositor lose all of her or his deposit

`performanceFeeReceiver` cannot mint any performance fee shares even if TVL is dropped by only a very tiny amount

setFees doesn't collect previous fees before changing fee values

`depositQueue.queue` in `AccountingManager` can be flooded causing a DoS

Using the same heartbeat for multiple price feeds

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

Kerosene collateral is not being moved on liquidation, exposing liquidators to loss

User can get their Kerosene stuck because of an invalid check on withdraw

Attacker Can Frontruns User's Withdrawals To Make Them Reverts Without Costs

`VaultManagerV2.sol::burnDyad` function is missing an `isDNftOwner` modifier, allowing a user to burn another user's minted DYAD

Attacker can frontrun to prevent vaults from being removed from the dNFT owner's position

Value of kerosene can be manipulated to force liquidate users

Users can front run the signature of the paymaster operation leading to some problems.

Borrowers can DoS liquidations by repaying as little as 1 share.

Unchecked return value bug on `TransferHelper::_safeTransferFrom()`

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

NFTs can be transferred even if StakeAtRisk remains, so the user's win cannot be recorded on the chain due to underflow, and can recover past losses that can't be recovered(steal protocol's token)

Can mint NFT with the desired attributes by reverting transaction

When borrowers repay USDS, it is sent to the wrong address, allowing anyone to burn Protocol Owned Liquidity and build bad debt for USDS

User can evade `liquidation` by depositing the minimum of tokens and gain time to not be liquidated

THE USER WHO WITHDRAWS LIQUIDITY FROM A PARTICULAR POOL IS ABLE TO CLAIM MORE REWARDS THAN HE DULY DESERVES BY CAREFULLY SELECTING A `decreaseShareAmount` VALUE SUCH THAT THE `virtualRewardsToRemove` IS ROUNDED DOWN TO ZERO

formPOL lacks slippage and deadline protection

Anyone can steal all distributed rewards

Anyone can prolong the time for the rewards to get distributed

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

On a Linear or Exponential Descending Sale Model, a user that mint on the last `block.timestamp` mint at an unexpected price.

All tokens can be stolen from `VirtualAccount` due to missing access modifier

The peg stability module can be compromised by forcing lowerDepeg to revert.

Users may be forced into long lock times to be able to undelegate back to themselves.

`rngComplete` function should only be called by `rngAuctionRelayer`

`drawManager` CAN BE SET TO A MALICIOUS ADDRESS

If `ProtocolRewardsPool` is insufficient in EUSD, users will not be able to calim any rewards

TalosBaseStrategy#init() lacks slippage protection

missing isEpochClaimed validation