Uniswap V3 Spot Price Manipulation Enables Share Price Manipulation in stNXM Vault

Insufficient Uniswap V3 Observation Cardinality in `StNxmOracle::price()`

`StNxmOracle::sanePrice` check will revert on normal price movements

Global Variable Manipulation During Active Draw Alters End Result

first depositor attack possible through multiple attack paths because the deposit function does not check 0 shares received.

Traders will claim retroactive cashback rewards for ineligible epochs

Wrong Accounting for users

Vault Removal Ignores Direct Token Transfers

transferFrom in stETH will transfer 1-2 less way, which would result in revert in consequent functions, because of not enough balance

Fully blacklisted users can stake and specify a different receiver address

Improper Handling of Native ETH in `getLiquidAssets` Leads to Potential Denial of Service

Chain-Specific Interface Mismatch in Convex Deposit Function

`_doMixSwap` blindly approves whatever token is specified in params.fromToken

Borrowers will pay excessive interest due to double interest calculation in `CoreRouter::borrow`

Usage of IERC20 transfer method would fail on some tokens due to lack of return of boolean value