Users cannot stop loss in AutoRange and AutoExit

Users's tokens stuck in AutoCompound after Vault is deactivated.

Due to interest rates update method, Interest-Free Loans are possible and the Cost of DoS are reduced

Protocol can be repeatedly gas griefed in `AutoRange` external call

Malicious user can stake an amount which causes zero curStakeAtRisk on a loss but equal rewardPoints to a fair user on a win

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

Since you can reroll with a different fighterType than the NFT you own, you can reroll bypassing maxRerollsAllowed and reroll attributes based on a different fighterType

Fighters cannot be minted after the initial generation due to uninitialized `numElements` mapping

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

FighterFarm:: reroll won't work for nft id greator than 255 due to input limited to uint8

DoS in `MergingPool::claimRewards` function and potential DoS in `RankedBattle::claimNRN` function if called after a significant amount of rounds passed.

Fighter created by mintFromMergingPool can have arbitrary weight and element

Whitelised accounts can be forcefully DoSed from buying curveTokens during the presale

Attack to make ````CurveSubject```` to be a ````HoneyPot````

Unauthorized Access to setCurves Function

Protocol and referral fee would be permanently stuck in the Curves contract when selling a token

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

Withdrawing with amount = 0 will forcefully set name and symbol to default and disable some functions for token subject

If a user sets their curve token symbol as the default one plus the next token counter instance it will render the whole default naming functionality obsolete

`ArtPiece.totalVotesSupply` and `ArtPiece.quorumVotes` are incorrectly calculated due to inclusion of the inaccessible voting powers of the NFT that is being auctioned at the moment when an art piece is created

Incorrect amounts of ETH are transferred to the DAO treasury in `ERC20TokenEmitter::buyToken()`, causing a value leak in every transaction

Once EntropyRateBps is set too high, can lead to denial-of-service (DoS) due to an invalid ETH amount

Bidder can use donations to get VerbsToken from auction that already ended.

Lack of Balance Validation

SecurityCouncilNomineeElectionGovernor might have to wait for more than 6 months to create election again

`Vault.mintYieldFee` FUNCTION CAN BE CALLED BY ANYONE TO MINT `Vault Shares` TO ANY RECIPIENT ADDRESS

Improper handling of cases when withdrawable assets = 0

EUSD.mint function wrong assumption of cases when calculated sharesAmount = 0

Due to inappropriately short `votingPeriod` and `votingDelay`, it is near impossible for the governance to function correctly.

Impossibility to change `safeCollateralRatio`

Anyone can change approval/disapproval threshold for any action using LlamaRelativeQuorum strategy.

LlamaPolicy could be DOS by creating large amount of actions.

Governance attack on Extraordinary Proposals

The voting thresholds in Ajna's Extraordinary Funding Mechanism can be manipulated to execute proposals below the expected threshold.

Reward accounting is incorrect in BathBuddy contract

DOS of market operations with malicious offers

Zero reward rate calculation impedes low-decimals token distributions

Calling `ExpiringMarket.stop` and `ExpiringMarket.isClosed` functions cannot pause any functionlities of the market

Incompatibility between balanceOf and balanceOfBatch.

Modifier VaultController._verifyCreatorOrOwner does not work as intented

Price will not always be 18 decimals, as expected and outlined in the comments

An attacker can make users unable to cancel their L1 calls on Ethereum To Arbitrum

Bidders might fail to withdraw their unused funds after the auction was finalized because the contract doesn't have enough balance.

Attacker may DOS auctions using invalid bid parameters

Denial of service when `baseAmount` is equal to zero