Adversary can win proposals with voting power as low as 4%

Adversary can prevent the launch of any ILO pool with enough raised capital at any moment by providing single-sided liquidity

Vultisig whitelisting can be bypassed by anyone

Most users won't be able to claim their share of Uniswap fees

`claim` function lacks slippage controls for `amount0` and `amount1` returned by `pool.burn` function call

Transfer of ILOPool NFT token to different account allows for users to bypass the pool's `maxCapPerUser` invariant

Withdrawal from NFTs can be temporarily blocked

Distribution can be bricked, and double claims by a few holders are possible when owner calls `LiquidInfrastructureERC20::setDistributableERC20s`

Malicious user can stake an amount which causes zero curStakeAtRisk on a loss but equal rewardPoints to a fair user on a win

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

Since you can reroll with a different fighterType than the NFT you own, you can reroll bypassing maxRerollsAllowed and reroll attributes based on a different fighterType

Players have complete freedom to customize the fighter NFT when calling `redeemMintPass` and can redeem fighters of types Dendroid and with rare attributes

Fighters cannot be minted after the initial generation due to uninitialized `numElements` mapping

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

Erroneous probability calculation in physical attributes can lead to significant issues

Minter / Staker / Spender roles can never be revoked`..,

Can mint NFT with the desired attributes by reverting transaction

Fighter created by mintFromMergingPool can have arbitrary weight and element

When borrowers repay USDS, it is sent to the wrong address, allowing anyone to burn Protocol Owned Liquidity and build bad debt for USDS

User can evade `liquidation` by depositing the minimum of tokens and gain time to not be liquidated

No proposal time limit traps sponsors of unpopular proposals

Chainlink price feed uses BTC, not WBTC. In case of depegging, oracles will become easier to manipulate.

Adversary can prevent updating price feed addresses by creating poisonous proposals ending in `_confirm`

DOS of proposals by abusing ballot names without important parameters

Remove Liquidity has missing reserve1 DUST check, which can make reserve1 to be less than DUST

Impossible to change managed wallets with `proposeWallets` after first rejection

The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP

The owner of RPDX Decaying Bonds is not updated on token transfers

Missing slippage parameter on Uniswap `addLiquidity()` function

Users can make any user follow them via `FollowNFT::tryMigrate()` without their consent

Users can self-follow via `FollowNFT::tryMigrate()` on Lens V2

EIP-712 typehash is incorrect for several functions in `MetaTxLib`

Whitelisted profile creators could accidentally break migration for V1 profiles

Users can unfollow through `FollowNFT` contract when LensHub is paused by governance

`StableOracleDAI` calculates `getPriceUSD` with inverted base/rate tokens for Chainlink price

`getPriceUSD` in `StableOracleDai` is miscalculated with wrong decimals from the `priceFeedDAIETH` Chainlink feed

The protocol can't rebalance because `USSD::UniV3SwapInput()` will revert as it is missing the `deadline` when creating the `ExactInputParams` for the swap

`USSDRebalancer::getOwnValuation()` is easy to manipulate as it doesn't use TWAP for getting the pool price

Missing access control on `mintRebalancer` allows unrestricted minting of USSD tokens by anyone affecting pool balance on rebalance

`ethOracle` is not defined in `StableOracleDAI` making `getPriceUSD` always revert

`latestRoundData` from Chainlink might return stale or incorrect results

There is no method for redeeming DAI to prevent negative scenarios described in the whitepaper

Collateral tokens will be stuck on the contract and will be unusable after calling `USSD::removeCollateral()`

Position NFT can be spammed with insignificant positions by anyone until rewards DoS

Adversary can prevent the creation of any extraordinary funding proposal by frontrunning `proposeExtraordinary()`

Some ERC20 tokens can get permanently stuck in the contract due to use of `transfer()`

One extra academy player can be minted per season due to mischeck in `mintPlayers`

Increasing `_maxGenerationId` allows extra minting of academy players on previous seasons

It is impossible to slash queued withdrawals that contain a malicious strategy due to a misplacement of the ++i increment

A malicious strategy can permanently DoS all currently pending withdrawals that contain it

Borrowers can steal lenders principal without providing collateral by frontrunning `lenderAcceptBid` and updating the bid

Adversary can modify the commited collateral of any bid at any time leading to lost or locked assets and DOS of the protocol

Marketplaces owners can frontrun `submitBid` to steal collateral by modifying market parameters

CHALLENGER_REWARD can be used to drain reserves and free mint

Challenges can be frontrun with de-leveraging to cause lossses for challengers

Can't pause or remove a minter

function `restructureCapTable()` in Equity.sol not functioning as expected

`Factory.create`: Predictability of pool address creates multiple issues.

BathBuddy contract should implement methods to pause and unpause contract

An attacker can manipulate the preDepositvePrice to steal from other users.

Division before multiplication truncate minOut and incurs heavy precision loss and result in insufficient slippage protection

Residual ETH unreachable and unuitilized in SafEth.sol

Users can end up buying and paying for a different Tray than the one they were trying to acquire

Underflow of `lpPosition.points` during withdrawLP causes huge reward minting

Transactions will be frozen if incorrect settings are used during a deployment on HatsSignerGateFactory