When rolling over, user will lose his winnings from previous epoch

Depositor can totally bypass deposit fee using deposit queue

Rollover mechanism doesn't update the queue index counter after removing item from queue

When updating an existing rollover queue entry, `ownerToRollOverQueueIndex` will point to wrong place

A null epoch can be resolved using `triggerEndEpoch`, thereby losing user funds

`mintRollovers` might automatically generate bad rollover entries in which `assets<=relayerFee`, resulting in rollover bricking

Emissions would be lost in null epochs

Underflow of `lpPosition.points` during withdrawLP causes huge reward minting

Infinite minting is possible for markets who don't support all protocols

Attacker can steal funds from redemptions by minting matured PTs

Minting iPTs through iPTs will inflate iPT's totalSupply and mess up accounting

Reentrancy in lending functions allows attacker to mint infinite amount of iPTs

User-supplied AMM pools and no input validation allows stealing of stEth protocol fees

`authRedeem` and `autoRedeem` do not check if the market is paused

`ERC5095.redeem/withdraw` do not work before token maturity

Reentrancy in redemption methods can lead to total bricking of Sense redemption

Wrong slippage control in `ERC5095.mint` will make user get less tokens than deserved

Protocol will lose fees when lending on Swivel and swapping in YieldPool

Extra minting after `yield()` function causes iPT supply inflation and skewed accounting

Proposal which started buyout which fails is able to settle migration as if its buyout succeeded.

Fund will be stuck if a buyout is started while there are pending migration proposals

Division rounding can make fraction-price lower than intended (down to zero)

Migration: no check that user-supplied `proposalId` and `vault` match

Migration::withdrawContribution falsely assumes that user should get exactly his original contribution back

Migration's `leave` function allows leaving a committed proposal

Cash-out from a successful buyout allows an attacker to drain Ether from the `Buyout` contract

Malicious User Could Burn The Assets After A Successful Migration

```migrateFractions``` may be called more than once by the same user which may lead to loss of tokens for other users

An attacker can DoS vault's buyout with as little as 1 wei per 4 days

A VAULT OWNER CAN FRONTRUN A PLUGIN CALL AND CHANGE ITS IMPLEMENTATION

NibblVault: In the buy function, users can avoid paying fees

Allowance check always true in ERC5095 redeem

Redeemer.redeem() for Element withdraws PT to wrong address.

Tempus lend method wrongly calculates amount of iPT tokens to mint

Redeem Sense can be bricked

ERC5095 redeem/withdraw does not update allowances

Lender: no check for paused market on mint

Incorrect implementation of APWine and Tempus `redeem`

Unable to redeem from Notional

Able to mint any amount of PT

Funds may be stuck when `redeeming` for Illuminate

Illuminate PT redeeming allows for burning from other accounts

[H-05] Not minting iPTs for lenders in several lend functions

Pendle Uses Wrong Return Value For `swapExactTokensForTokens()`

Swivel lend method doesn't pull protocol fee from user

Lend method signature for illuminate does not track the accumulated fee

sellPrincipalToken, buyPrincipalToken, sellUnderlying, buyUnderlying uses pool funds but pays msg.sender

[M-01] Easily bypassing admins 'pause' for swivel

`Lender.mint()` May Take The Illuminate PT As Input Which Will Transfer And Mint More Illuminate PT Cause an Infinite Supply

Centralisation Risk: Admin Can Change Important Variables To Steal Funds

`_harvest` has no slippage protection when swapping `auraBAL` for `AURA`

Badger rewards from Hidden Hand can permanently prevent Strategy from receiving bribes

Sellers may lose NFTs when orders is matched with `matchOrders()`

Reentrancy from matchOneToManyOrders

Accumulated ETH fees of InfinityExchange cannot be retrieved

InfinityExchange computes gas refunds in a way where the first order's buyer pays less than the later ones

Rounding Issues In Certain Functions

Users can get unlimited votes

RubiconRouter _swap does not pass whole amount to RubiconMarket

RubiconRouter: Offers created through offerWithETH() can be cancelled by anyone

USDT is not supported because of approval mechanism

Strategists can't be removed

previewWithdraw calculates shares wrongly

Strategists can take more rewards than they should using the function strategistBootyClaim().

No cap on fees can result in a DOS in BathToken.withdraw()

Possible token reentrancy in release() of BathBuddy.sol

Use `safeTransfer()`/`safeTransferFrom()` instead of `transfer()`/`transferFrom()`

Use `call()` instead of `transfer()` when transferring ETH in RubiconRouter

AuraLocker kick reward only takes last locked amount into consideration, instead of whole balance

MerkleVesting withdrawal does not verify that tokens were transferred successfully

SpeedBumpPriceGate: Excess ether did not return to the user

Malicious token reward could disable withdrawals

amount requires to be updated to contract balance increase (1)

ERC20 tokens with different decimals than 18 leads to loss of funds

Critical Oracle Manipulation Risk by Lender

Reentrancy at _requestLoan allows requesting a loan without supplying collateral

[WP-H0] `DEFAULT_ADMIN_ROLE` of `BribeVault` can steal tokens from users' wallets

Wrong logic around `areOperatorsImported`

Malicious Users Can Duplicate Protocol Earned Yield By Transferring `wCVX` Tokens To Another Account

Oracle data feed is insufficiently validated.

deposit() function is open to reentrancy attacks

Vaults with non-UST underlying asset vulnerable to flash loan attack on curve pool

No setter for exchangeRateFeeder, whose address might change in future

Changing a strategy can be bricked

The reentrancy vulnerability in _safeMint can allow an attacker to steal all rewards

`_safeMint` Will Fail Due To An Edge Case In Calculating `tokenId` Using The `_generateNewTokenId` Function

SingleNativeTokenExitV2 assumes first exchange holds the outputToken

`totalSupply` may exceed `LibBasketStorage.basketStorage().maxCap`

block.timestamp or deadline

Malicious tickets can lead to the loss of all tokens

Continue claiming reqrds after numberOfEpochs are over

cancelPromotion is too rigorous

Rewards can be claimed multiple times

`cancelPromotion()` Unable to cancel unstarted promotions

Wrong shortfall calculation

Reentrancy in settleAuction(): malicious publisher can bypass index timelock mechanism, inject malicious index, and rug the basket

Bonding mechanism allows malicious user to DOS auctions

Wrong fee calculation after totalSupply was 0

Auction settler can steal user funds if bond timestamp is high enough

User can mint miniscule amount of shares, later withdraw miniscule more than deposited

Basket becomes unusable if everybody burns their shares

Auction bonder can steal user funds if bond block is high enough

`Basket.sol#mint()` Malfunction due to extra `nonReentrant` modifier

Lost fees due to precision loss in fees calculation

recoverTokens doesn't work when isSale is true

Reward token not correctly recovered

Wrong calculation of excess depositToken allows stream creator to retrieve `depositTokenFlashloanFeeAmount`, which may cause fund loss to users

Frontrunning `PublicLock.initialize()` can prevent upgrades due to insufficient access control

Support of different ERC20 tokens

MixinPurchase:shareKey allows to generate keys without purchasing

Key buyers will not be able to get refund if lock manager withdraws profits

Refund mechanism doesn't take into account that key price can change

Missing maxNumberOfKeys checks in shareKey and grantKey

Key transfer will destroy key if from==to

`initialBalance` for native token is wrong

Trades where toToken is feeOnTransferToken might send user less tokens than finalAmountMin

WrappedIbbtcEth contract will use stalled price for mint/burn if updatePricePerShare wasn't run properly

No sanity check on pricePerShare might lead to lost value

debtWriteOff updates totalFrozen immaturely, thereby losing staker rewards

Comptroller rewards can be artificially inflated and drained by manipulating [totalStaked - totalFrozen] (or: wrong rewards calculation)

Reentrancy in settleAuction(): malicious publisher can bypass index timelock mechanism, inject malicious index, and rug the basket

Bonding mechanism allows malicious user to DOS auctions

Wrong fee calculation after totalSupply was 0

Auction settler can steal user funds if bond timestamp is high enough

User can mint miniscule amount of shares, later withdraw miniscule more than deposited

Basket becomes unusable if everybody burns their shares

Auction bonder can steal user funds if bond block is high enough

`Basket.sol#mint()` Malfunction due to extra `nonReentrant` modifier

Lost fees due to precision loss in fees calculation

Reentrancy in settleAuction(): malicious publisher can bypass index timelock mechanism, inject malicious index, and rug the basket

Bonding mechanism allows malicious user to DOS auctions

Wrong fee calculation after totalSupply was 0

Auction settler can steal user funds if bond timestamp is high enough

User can mint miniscule amount of shares, later withdraw miniscule more than deposited

Basket becomes unusable if everybody burns their shares

Auction bonder can steal user funds if bond block is high enough

`Basket.sol#mint()` Malfunction due to extra `nonReentrant` modifier

Lost fees due to precision loss in fees calculation