not adding `claimable` balance to the total assets in `_harvestAndReport` can cause losses.

Canceled orders can be modified to drain protocol

No validation on msg.sender when creating order

Creating multiple orders in a multi-call function can be used to steal funds from StopLimit/Bracket contract

Use of fallback to steal from OracleLess contract

Sold NFT will remain stucked in BuyOrder Contract

An attacker can steal the entire borrow and lending incentive of an epoch with FLASHLOAN in a single transaction

Max withdrawal will cost protocol lost of 5% of the total fee to be collected

Discrepency b/w the `lastRewadTime` and the `lastAllPoolUpdate` can allow for incorrect reward distribution to pools if `registerRewardDeposit` deposits less assets

Usage of `lastEligibleStatus` can cause user to miss out on rewards on `manualStopEmissionsFor` invocation

In CDPVault::liquidatePositionBadDebt(), the calculation of `loss` is incorrect.

PositionAction.decreaseLever() fails to consider the loan fee in Flashlender when calculating loanAmount, as a result, the functionanlity will not work when protocolFee != 0.

Slashing NativeVault will lead to locked ETH for the users

The operator can create a `NativeVault` that can be silently unslashable.

Delayed Slashing Window and Lack of Transparency for Pending Slashes Could Lead to Loss of Funds

Fragmentation fee is not taken if user compensates with newly created position

Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens

Incorrect withdraw queue balance in TVL calculation

Deposits will always revert if the amount being deposited is less than the bufferToFill value

`executeWithdraw` may be blocked if any of the users are blacklisted from the `baseToken`

removedLiquidity can be underflowed to lock other user's deposits

retryMessage unable to handle edge cases.

Asymmetric calculation of price difference

dailyDebtIncreaseLimitLeft is not updated in liquidate().

Repayments and liquidations can be forced to revert by an attacker that repays miniscule amount of shares

Due to interest rates update method, Interest-Free Loans are possible and the Cost of DoS are reduced

An attacker can easily bypass the collateral value limit factor checks

Since you can reroll with a different fighterType than the NFT you own, you can reroll bypassing maxRerollsAllowed and reroll attributes based on a different fighterType

NFTs can be transferred even if StakeAtRisk remains, so the user's win cannot be recorded on the chain due to underflow, and can recover past losses that can't be recovered(steal protocol's token)

Constraints of dailyAllowanceReplenishTime and allowanceRemaining during mint() can be bypassed by using alias accounts & safeTransferFrom()

When borrowers repay USDS, it is sent to the wrong address, allowing anyone to burn Protocol Owned Liquidity and build bad debt for USDS

User can evade `liquidation` by depositing the minimum of tokens and gain time to not be liquidated

DOS of proposals by abusing ballot names without important parameters

removedLiquidity can be underflowed to lock other user's deposits

Users will lose rewards when buying new tokens if they already own some tokens

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

Adversary can block `claimAuction()` due to push-strategy to transfer assets to multiple bidders

If an airdrop happens before a mint the price could skyrocket

``FULL_RESTRICTED`` Stakers can bypass restriction through approvals

Borrower has no way to update `maxTotalSupply` of `market` or close market.

The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP

The peg stability module can be compromised by forcing lowerDepeg to revert.

Users can get immediate profit when deposit and redeem in `PerpetualAtlanticVaultLP`

Voters from VotingEscrow can vote infinite times in vote_for_gauge_weights() of GaugeController

Incorrectly implemented modifiers in LybraConfigurator.sol allow any address to call functions that are supposed to be restricted

Understatement of `poolTotalPeUSDCirculation` amounts due to incorrect accounting after function `_repay` is called

Fix utilization rate computation