Incorrect calculation of `newCumulativeIndex` in function `calcDecrease`

`PositionAction4626::increaseLever` will always revert

Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens

Invalid validation allows users to unlock early

Failure to Update Dirty Flag in transferToUnoccupiedPlot Prevents Reward Accumulation On Valid Plot

Invalid validation in _farmPlots function allowing a malicious user repeated farming without locked funds

When `LockManager.lockOnBehalf` is called from `MigrationManager`, the user's `reminder` will be set to 0, resulting in fewer received `MunchableNFTs`

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal

disable_max_lock may allow users to remove locks of other users

ExerciseLP allows anyone to increase the lock of other users

The MINIMUM_LIQUIDITY value at the Pair contract is not enough to defend against early inflation attacks

Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens

Invalid validation allows users to unlock early

Failure to Update Dirty Flag in transferToUnoccupiedPlot Prevents Reward Accumulation On Valid Plot

Invalid validation in _farmPlots function allowing a malicious user repeated farming without locked funds

When `LockManager.lockOnBehalf` is called from `MigrationManager`, the user's `reminder` will be set to 0, resulting in fewer received `MunchableNFTs`

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal

Claimable:claimPrize beforeClaimPrize hooks can be used to steal rewards from the reward recipient

Claimer:claimPrizes does a naive feePerClaim calculation

`SNXConnector.sol` TVL calculation is incorrect.

`AccountingManager::resetMiddle` will not behave as expected

`NoyaValueOracle.getValue` returns an incorrect price when a multi-token route is used

Numerous errors when calculating the TVL for the MorphoBlue connector

PendleConnector.sol::supply doesn't pass a valid slippance protection min

Improper price validation in CompoundConnector.sol will lead to stale prices being used.

First depositor can make subsequent depositor lose all of her or his deposit

MorphoBlueConnector:withdraw withdraws supplied tokens in a market order

burnSharesToWithdrawEarnings burns shares before calculating the principal token amount to withdraw

Unchecked principal token transfers may lead to false adding of principal to commitments and burning of shares without receiving assets back

lenderCloseLoanWithRecipient internal function does not send the collateral to the collateral recipient argument of the call

liquidateDefaultedLoanWithIncentive can be gamed to avoid paying loans interest

Malicious borrower can pay each payment and make its own loan default 1 month later

LibProposing:proposeBlock allows blocks with a zero parentMetaHash to be proposed after the genesis block and avoid parent block verification

RioLRTWithdrawalQueue:settleCurrentEpoch overrides assetsReceived

getReserves doesn't utilize the most accurate method to determine totalSupply for some Balancer pools

The price of rsEHT could be manipulated by the first staker

Function WildcatMarketController.setAnnualInterestBips allows for values outside the factory range

`setAnnualInterestBips()` can be abused to keep a market's reserve ratio at 90%

All tokens can be stolen from `VirtualAccount` due to missing access modifier

Repeated Vote Allocation Due to Missing Update of Allocator's Total Voice Credits in _qv_allocate Function.

Flawed Allocation Logic Potentially Doubles Voice Credits to Recipients in QVBaseStrategy

Lack of access control on the rollLoan function exposes borrowers to bad loan conditions

Change of `fundingDuration` causes "time travel" of `PerpetualAtlanticVault.nextFundingPaymentTimestamp()`

Increasing reserves breaks PrizePool accounting