Incorrect protocol fee calculations lead to unfair fee payments

A borrower cannot take back his collateral if the lender is blocked.

Vultisig whitelisting can be bypassed by anyone

Most users won't be able to claim their share of Uniswap fees

Early exit near the end of the lock-up period can be risky

Withdrawals logic allows MEV exploits of TVL changes and zero-slippage zero-fee swaps

ETH withdrawals from EigenLayer always fail due to `OperatorDelegator`'s nonReentrant `receive()`

Incorrect calculation of queued withdrawals can deflate TVL and increase ezETH mint rate

Pending withdrawals prevent safe removal of collateral assets

Deposits will always revert if the amount being deposited is less than the bufferToFill value

Anyone can borrow with a low interest rate in the `LenderCommitmentGroup_Smart`.

The protocol dosn't work well for USDT.

Incorrect check for `_collateralAmount` in `LenderCommitmentGroup_Smart.acceptFundsForAcceptBid()`.

Improper implementation of `TellerV2._lenderCloseLoanWithRecipient()` can result in frozen collateral into `LenderCommitmentGroup_Smart`.

Anyone can bypass the borrowing limitation of `LenderCommitmentGroup_Smart`.

Incorrect function selector in `FlashRolloverLoan_G5._acceptCommitment()`.

`LenderCommitmentGroup_Smart.sol` doesn't work correctly with fee-on-transfer tokens.

The fee distribution in the `FeeManager._splitProtocolFee()` function is incorrect.

The `Edition.mintBatch()` function pays less fees than expected.

An attacker can invalidate signatures for `TitlesGraph.acknowledgeEdge()` and `TitlesGraph.unacknowledgeEdge` by front running.

Incorrect assigning to memory variable in `TitlesGraph._setAcknowledged()`.

The `Edition.mintBatch()` function always reverts when `tokenIds_.length > 1`.

The excess Ether in the call to `Edition.mint()` is not returned to `msg.sender`.

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

Design flaw and mismanagement in vault licensing leads to double counting in collateral ratios and positions collateralized entirely with kerosine

Kerosene collateral is not being moved on liquidation, exposing liquidators to loss

Users can get their Kerosene stuck until TVL becomes greater than Dyad's supply

Missing enough exogeneous collateral check in `VaultManagerV2::liquidate` makes the liquidation revert even if (DYAD Minted > Non Kerosene Value)

User can get their Kerosene stuck because of an invalid check on withdraw

Legitimate pools can be taken over and the penalty is not fair.

`AsyncSynthVault._claimRedeem()` should check that `lastRedeemRequestId[owner] < epochId`.

`AutoExit` could receive a reward calculated from the entire position's fund even if `onlyFee` is true in `AutoExit.execute()`.

Wrong global lending limit check in `_deposit` function

Large decimal of referenceToken causes overflow at oracle price calculation

Users can lend and borrow above allowed limitations

The value of `operatorDetails.shareDetails[newShareCap.strategy].allocation` has to be deleted when `currentShareDetails.cap > 0 && newShareCap.cap == 0` at the function `OperatorRegistryV1Admin.setOperatorStrategyCap()`.

`currentEpochsByAsset` must be increased by 1 in `RioLRTWithdrawalQueue.queueCurrentEpochSettlement()`.

In `RioLRTCoordinator.requestWithdrawal`, `availableShares` doesn't consider previous queued withdrawals and users can request withrawal more than available shares.

`rebalance()` could be reverted unreasonably by improper checking in `OperatorOperation.depositTokenToOperators()`.