Incorrect update of _userTokensByLaunchGroup in updateParticipation allows bypassing user max/min limits

The calculation of `totalAssets()` could be wrong if `operatorFeeAmount` > 0, this can cause potential loss for the new depositors

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

Wrong handling of call data check indices, forcing it sometimes to revert

There is no refund mechanism in `ChakraSettlement.processCrossChainCallback` or `ChakraSettlementHandler.receive_cross_chain_callback` function

`ChakraSettlement.receive_cross_chain_msg` and `ChakraSettlement.receive_cross_chain_callback` functions do not ensure that receiving `ChakraSettlement` contract's `contract_chain_name` must match `to_chain` corresponding to respective `txid` input though

In settlement.cairo::receive_cross_chain_msg - the payload_type can be passed by the user, confusing offchain systems

Anyone can manipulate user nonce (nonce_manager) in settlement contract

SettlementSignatureVerifier is missing check for duplicate validator signatures

In Starknet already processed messages can be re-submitted and by anyone

handler's `receive_cross_chain_callback()` will always set the tx_status to `SETTLED` on source chain & burn the tokens (MintBurn Mode) even when the msg fails on destination

Does not check if to_chain and to_handler is whitelisted in cross_chain_erc20_settlement

SettlementSignatureVerifier's required_validators is not updated, resulting in a low or high number of signatures being required

Bridge requests to remote chains where interchain tokens are not deployed can result in DoS attacks

Can block bridge or limit the bridgeable amount by initializing the ITSHub balance of the original chain

`mintToken()`, `mintWithBudget()`, and `forge()` in the `TraitForgeNft` Contract Will Fail Due to a Wrong Modifier Used in `EntropyGenerator.initializeAlphaIndices()`

Number of entities in generation can surpass the 10k number

Wrong minting logic based on total token count across generations

Forger Entities can forge more times than intended

Pause and unpause functions are inaccessible

Valid redemption proposals can be disputed by decreasing collateral

Closing a SR during a wrong redemption proposal leads to loss of funds

Using cached price to create a proposal reduce the efficacity of redemptions for asset peg

oracleCircuitBreaker: Not checking if price information of asset is stale

transferShortRecord: Can transfer a newly created ShortRecord using a previously minted NFT

Can manipulate the C.SHORT_STARTING_ID ShortRecord of the TAPP

Tokens deposited in the Vesting contract can be drained by re-entering Vesting.claim

Native tokens cannot be deposited in the Vesting contract

_swapBaseToBase: Can mipulate base token price by swapping between same base token

Chainlink price oracle can be zero or negative, but does not check for it

New withdrawal requests can be created in the same epoch after WithdrawalQueue.queueCurrentEpochSettlement, causing loss of tokens for the user

depositTokenToOperators: When allocating ERC20 to multiple operators, it always fails because the predicted share and the actual share received are not the same

Can verify with an external validator that is not registered in the Rio system. Prevent other operators from verifying

RioLTROperatorDelegator.receive always reverts so it is unable to receive partial withdrawals and any amount in excess of 32 ETH for full withdrawals

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

Since you can reroll with a different fighterType than the NFT you own, you can reroll bypassing maxRerollsAllowed and reroll attributes based on a different fighterType

Players have complete freedom to customize the fighter NFT when calling `redeemMintPass` and can redeem fighters of types Dendroid and with rare attributes

Player can mint more fighter NFTs during claim of rewards by leveraging reentrancy on the `claimRewards() function `

Fighters cannot be minted after the initial generation due to uninitialized `numElements` mapping

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

FighterFarm:: reroll won't work for nft id greator than 255 due to input limited to uint8

NFTs can be transferred even if StakeAtRisk remains, so the user's win cannot be recorded on the chain due to underflow, and can recover past losses that can't be recovered(steal protocol's token)

Minter / Staker / Spender roles can never be revoked`..,

Can mint NFT with the desired attributes by reverting transaction

DoS in `MergingPool::claimRewards` function and potential DoS in `RankedBattle::claimNRN` function if called after a significant amount of rounds passed.

Fighter created by mintFromMergingPool can have arbitrary weight and element

When borrowers repay USDS, it is sent to the wrong address, allowing anyone to burn Protocol Owned Liquidity and build bad debt for USDS

User can evade `liquidation` by depositing the minimum of tokens and gain time to not be liquidated

Incorrect calculation to check remaining ratio after reward in StableConfig.sol

Some rewards from POL will not be send to team wallet nor burned

DOS of proposals by abusing ballot names without important parameters

SALT staker can get extra voting power by simply unstaking their xSALT

Unwhitelisting does not clear _arbitrageProfits, so re-whitelisting may result in an unfair distribution of liquidity rewards.

Remove Liquidity has missing reserve1 DUST check, which can make reserve1 to be less than DUST

Impossible to change managed wallets with `proposeWallets` after first rejection

Absence of autonomous mechanism for `selling collateral assets in the external market in exchange for USDS` will cause undercollateralization during market crashes and will cause USDS to depeg.

Whitelised accounts can be forcefully DoSed from buying curveTokens during the presale

Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`

Unauthorized Access to setCurves Function

Protocol and referral fee would be permanently stuck in the Curves contract when selling a token

onBalanceChange causes previously unclaimed rewards to be cleared

The userGaugeProfitIndex is not set correctly, allowing an attacker to receive rewards without waiting

Users staking via the `SurplusGuildMinter` can be immediately slashed when staking into a gauge that had previously incurred a loss

Incorrect calculations in debtCeiling

Single host can unfairly skip veto period for proposal that does not have full host support

PartyGovernanceNFT.sol#mint - User can delegate another user funds to themselves and brick them from changing the delegation

_killWoundedAgents

fulfillRandomWords

`transferSAFEOwnership()` does not fully transfer ownership

Unable to retrieve price information with CamelotRelayer contract

ODSafeManager.enterSystem - Transfer wrong amount of collateral, debt

Approved address can approve other addresses for an owner's safe

Module transactions will always fail because incompatible with Safe 1.5.0

All tokens can be stolen from `VirtualAccount` due to missing access modifier

At claimDefaulted, the lender may not receive the token because the Unclaimed token is not processed

Should be able to reset callback setting in transferOwnership function

The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP

Owner can incorrectly pull funds from contests not yet expired

Chainlink oracle will return the wrong price if the aggregator hits `minAnswer`

Anyone can burn **DecentralizedStableCoin** tokens with `burnFrom` function

Double-spending vulnerability leads to a disruption of the DSC token

Precision loss when calculating the health factor

Constructor of `Escrow` should make sure that `buyer`, `seller`, `arbiter` are different from each other.

Blocked follower can keep follow with `batchMigrateFollows`