Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

Attacker can DOS liquidity migration in LiquidityManager.sol

AccessControlHooks onQueueWithdrawal() does not check if market is hooked which could lead to unexpected errors such as temporary DoS

There is no refund mechanism in `ChakraSettlement.processCrossChainCallback` or `ChakraSettlementHandler.receive_cross_chain_callback` function

Anyone can manipulate user nonce (nonce_manager) in settlement contract

SettlementSignatureVerifier is missing check for duplicate validator signatures

In Starknet already processed messages can be re-submitted and by anyone

Does not check if to_chain and to_handler is whitelisted in cross_chain_erc20_settlement

`mintToken()`, `mintWithBudget()`, and `forge()` in the `TraitForgeNft` Contract Will Fail Due to a Wrong Modifier Used in `EntropyGenerator.initializeAlphaIndices()`

Number of entities in generation can surpass the 10k number

Lack of Slippage Protection in Dynamic Pricing Mint Function

Pause and unpause functions are inaccessible

Withdrawal from NFTs can be temporarily blocked

Distribution can be bricked, and double claims by a few holders are possible when owner calls `LiquidInfrastructureERC20::setDistributableERC20s`

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

Minter / Staker / Spender roles can never be revoked`..,

When `DecentBridgeExecutor.execute` fails, funds will be sent to a random address

DecentEthRouter.sol#_bridgeWithPayload() - Any refunded ETH (native token) will be refunded to the DecentBridgeAdapter, making them stuck

Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`

Unauthorized Access to setCurves Function

A subject creator within a single block can claim holder fees without holding due to unprotected reentrancy path

onBalanceChange causes previously unclaimed rewards to be cleared

Malicious pausing auction attack

Test addresses and incorrect interface in code prevent integration with UniswapV3 and Camelot

Vault721.tokenURI does not comply with ERC721 - Metadata specification

The takeOverDebt uses the wrong borrowingKey

Positions that are not eligible for rewards will affect the reward income of eligible positions.

TWO DIFFERENT TRANSACTIONS CAN RESULT IN THE SAME `txnHash` VALUE THUS BREAKING THE APPROVAL PROCESS OF TRANSACTION MINTING

The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP

`ReLPContract` wrongfully assumes protocol owns all of the liquidity in the UniswapV2 pool

Incorrect precision assumed from RdpxPriceOracle creates multiple issues related to value inflation/deflation

Inaccurate swap amount calculation in ReLP leads to stuck tokens and lost liquidity

reLP() mintokenAAmount the calculations are wrong.

addDust does not achieve the goal correctly and may overflow revert

`fastTrackProposalExecution` doesn't check `intendedRecipient`

`TemporalGovernor` can be bricked by `guardian`

Rounding error in `WUSDA` can result in loss of user funds, especially when manipulated by an attacker

After InitializeDistributionRecord buying tokens again will DOS claim airdrop in PriceTierVestingSale_2_0

When allowance is not 0, calling safeApprove will revert

xcall does not set a relayerfee

Collateral can be locked in BigBang contract when `debtStartPoint` is nonzero

Tokens can be stolen from other users who have approved Magnetar

`ARBTriCryptoOracle` is vulnerable to read-only reentrancy

`extractTAP()` function can allow minting an infinite amount in one week, leading to a DoS attack in `emitForWeek()`

CompoundStrategy `_currentBalance` uses `exchangeRateStored` which is leaks value

all deposit and withdraw function in Convex and Curve nativeLP Strategy, apply slippage on internal pricing; which call real-time on chain price from Curve directly and subject to MEV

The owner can rug pull all wrappedNative token

latestRoundData without checking the L2 sequencer is offline

feePerUser calculation has precision error resulting in low protocol income

Transferout exclusive feeOnTransfer tokens will run out of well

There is a large precision error in sqrt calculation of lp

Due to slot confusion, reserve amounts in the pump will be corrupted, resulting in wrong oracle values

cancelSig will not completely cancel signatures due to malleability vulnerabilities

A malicious user can use reclaim to steal teller funds

The vault interest was miscalculated

Spot dex should check the balance difference before and after the transfer

_account_for_withdraw_liquidity rounding in the wrong direction will run out of the vault

EUSD.mint function wrong assumption of cases when calculated sharesAmount = 0

If `ProtocolRewardsPool` is insufficient in EUSD, users will not be able to calim any rewards

Incorrect function call in LybraRETHVault's getAssetPrice

Incorrect Reward Distribution Calculation in `ProtocolRewardsPool`

processWithdrawals failure causes user funds to be permanently locked

A malicious user can steal gas when another user calls processWithdrawals

When a stablecoin is depegging will affect protocol operation

The oracle price freshness was not checked

Uniswap3 TWAP price may be manipulated

Multipool and Dispatcher don't have slippage or timestamp protection

withdrawnReserves create an arbitrage opportunity to steal staking users' fund

parseAllPrice not support the tokens whose decimal is greater than 18

DODOv3 approve cannot interact with some tokens such as USDT

ERC20 token transfers should check the return value

Oracle price does not check if L2 sequencer is down

Chainlink aggregators return the minAnswer price if it's below minAnswer

getMaxReceive calculation has accuracy error may result in a transaction failure

The liquidator can set any stale price data by setSymbolsPrice and others can't override it

depositAndAllocateForPartyB method implementation error

lockQuote increaseNonce implementation error

A malicious liquidator can frontrun setSymbolsPrice to steal the reward

addLiquidityPermit2 isToken0Weth is always false

In `LlamaRelativeQuorum`, the governance result might be incorrect as it counts the wrong approval/disapproval.

_checkPrice not check price freshness

Chainlink's `latestRoundData` may return stale or incorrect result

Malicious user can front-run Gauges's `addBribeFlywheel` to steal bribe rewards

Multiple issues with decimal scaling will cause incorrect accounting of hTokens and underlying tokens

Use of slot0 to get sqrtPriceLimitX96 can lead to price manipulation.

[M-01] Some functions in Talos contracts does not allow user to supply slippage and deadline, which may cause swap revert

RestakeToken function is not permissionless

deposit gas through depositGasAnycallConfig should not withdraw the nativeToken

Oracle price not check for accuracy

Oracle price can be stale when L2 sequencer is down

StaticOracle address is incorrect

StableOracleDAI chainlink oracle decimal is 18

Uniswap no slippage protection

latestRoundData can return expired value

latestAnswer interface is deprecated

Chainlink may return stale price when L2 sequencer is down

If AmmModule approve more token may result DOS

_updateBucketExchangeRateAndCalculateRewards reward calculation accuracy loss

Reward accounting is incorrect in BathBuddy contract

Fee inclusivity calculations are inaccurate in RubiconMarket

Incorrect fee handling in Position.sol's Market Buy/Sell functions

Updating a pool's total points doesn't affect existing stake positions for rewards calculation