The `BURNER` cannot burn tokens from accounts not KYC verified due to the check in `_beforeTokenTransfer`.

The userGaugeProfitIndex is not set correctly, allowing an attacker to receive rewards without waiting

Users staking via the `SurplusGuildMinter` can be immediately slashed when staking into a gauge that had previously incurred a loss

Anyone can steal all distributed rewards

Wrong ProfitManager in GuildToken, will always revert for other types of gauges leading to bad debt

Replay attack to suddenly offboard the re-onboarded lending term

`LendingTerm` Inconsistency between debt ceiling as calculated in `borrow()` and `debtCeiling()`

Incorrect calculations in debtCeiling

LendingTerm::debtCeiling() can return wrong debt as the min() is evaluated incorrectly

LendingTerm debtCeiling function uses creditMinterBuffer incorrectly

Malicious borrower can decrease Guild holders reward

Users may be forced into long lock times to be able to undelegate back to themselves.

Delegated votes are locked when owner lock is expired

Voters from VotingEscrow can vote infinite times in vote_for_gauge_weights() of GaugeController

User don't have to deposit for a week into the market to get his weekly reward from the `LendingLedger`

`LidoEthStrategy._currentBalance` is subject to price manipulation, allows overborrowing and liquidations

Usage of `BalancerStrategy.updateCache` will cause single sided Loss, discount to Depositor and to OverBorrow from Singularity

Ability to steal user funds and increase collateral share infinitely in BigBang and Singularity

Potential 99.5% loss in `emergencyWithdraw()` of two Yieldbox strategies

CompoundStrategy attempts to transfer out a greater amount of ETH than will actually be withdrawn, leading to DoS

Accounted balance of GlpStrategy does not match withdrawable balance, allowing for attackers to steal unclaimed rewards

Rewards compounded in AaveStrategy are unredeemable

[HB02] `BalancerStrategy.sol`: `_withdraw` withdraws insufficient tokens

[HB10] `AaveStrategy.sol`: Changing swapper breaks the contract

In case of Loss to the Yearn Vault, the Contract will stop working until the loss is repaid

all deposit and withdraw function in Convex and Curve nativeLP Strategy, apply slippage on internal pricing; which call real-time on chain price from Curve directly and subject to MEV

Loss of possible rewards in Curve Gauge

A portion of stargate token rewards earned by StargateStrategy are permanently locked in the contract

`SGLBorrow::repay` and `BigBang::repay` uses `allowedBorrow` with the asset amount, whereas other functions use it with share of collateral

Some positions will get liquidated immediately

Reward accounting is incorrect in BathBuddy contract

Some offers can't be cancelled

An attacker can steal all tokens of users that use `FeeWrapper`

Staking, unstaking and rebalanceToWeight can be sandwiched (Mainly rETH deposit )

Users can fail to unstake and lose their deserved ETH because malfunctioning or untrusted derivative cannot be removed

DoS due to external call failure

Underflow of `lpPosition.points` during withdrawLP causes huge reward minting

Unsafe casting from `uint256` to `uint16` could cause ticket prizes to become much smaller than intended

If the strategy incurs a loss the Active Pool will stop working until the shortfall is paid out entirely

Squeezing drips from a sender can be front-run and prevented by the sender

Fee on transfer tokens will not behave as expected

Malicious strategist could deny borrowers from repaying loan and force liquidation by setting a extremely high vault fee

Liquidation will fail if value set as `liquidationInitialAsk` > 2**88-1, causing collateral to be permanently locked

Lack of support for fee-on-transfer token

settleAuction() Check for status errors

Two day low oracle used in `Market.liquidate()` makes the system highly at risk in an oracle attack

Oracle assumes token and feed decimals will be limited to 18 decimals

`safeTransfer` function does not check for existence of ERC20 token contract

Project funds can be drained by reusing signatures, in some cases