`BorrowLogic::executeRepay` incorrect order of update may cause incorrect interest rates

The function `LiquidationLogic::_repayDebtTokens()` may undervalue the total supply of debt shares

Incorrect supply balance and debt balance calculation will cause multiple issues

Function `executeMintToTreasury` will incorrectly reduce the `supplyShares`, therefore prevent the last users from withdrawing

Liquidated User will not be charged for the liquidation

`msg_server_registerations::Register` will overwrite reputerInfo, which can be used to sabotage other reputers

The worker and reputer's payload may be tampered due to lack of check for the pubkey's ownership

`msg_server_stake::AddStake` calculates the weight incorrectly resulting in incorrect activation of a topic

`msg_server_demand::FundTopic` passes incorrect additional fee, potentially activate a topic incorrectly

The `PendlePTOracle` contract may return a wrong price when calculating the price with `getPtToAssetRate()`

`Kelp:_finalizeCooldown` cannot claim the withdrawal if adversary would requestWithdrawals with dust amount for the holder

Missing slippage protection in `Ethena:_sellStakedUSDe`

Missing slippage protection in `PendlePrincipalToken:redeemPT`

An issue with calculating total supplies inside the function `ZivoeRewardsVesting.revokeVestingSchedule()` may lead to DOS condition or to account a wrong total number of votes in the system

`ZivoeRewards.depositReward()` and `ZivoeRewardsVesting.depositReward()` may be subject of a griefing attack to manipulate reward emissions

`ZivoeRewardsVesting.revokeVestingSchedule()` may set a user's votes from their $ZVE vesting to a wrong value

The usage of `totalSupply()` of tokens may introduce some issues with calculating the amount to vest when `ZivoeITO.claimAirdrop()` is called

If the `OCL_ZVE:forwardYield` is called before `OCL_ZVE:pushToLockerMulti`, the yield distribution interval cannot be enforced

`OCL_ZVE:fetchBasis` the amount can be skewed by make the pool imbalanced, resulting in yield distribution when there is no real gain

`OCL_ZVE:pushToLockerMulti` will very likely to fail due to the assertion on the allowance

The `ZivoeYDL` ema calculation is incorrect due to uninitialized `distributionCounter`

`LibGameType:raw` will unsafely cast resulting in incorrect comparison between GameTypes

Auction data from previous auctions may be overwritten when a new auction is created with `Auctioneer.auction()`

Wrong comparison operator used inside `AuctionModule._revertIfLotConcluded()` may cause multiple issues

If `RioLRTOperatorRegistry:setOperatorStrategyShareCaps` is used to set the cap to zero, fund may be locked

`RioLRTWithdrawalQueue:queueCurrentEpochSettlement` does not update the epoch, resulting in disabled `rebalance`

`RioLRTDepositPool:depositBalanceIntoEigenLayer` reverts when asset to share calculation rounds down

OlympusSupply.getReservesByCategory will revert if the optional submoduleReservesSelector is set to be zero

Spot prices calculated inside `BalancerComposableAuraVault` may not be in line with spot prices from Balancer pools due to rounding differences.

Due to multiple issues the reinvestor may be able to steal funds from the vault.

Rewards may be lost when `SdtStakingPositionService.processSdtRewards()` is processing multiple rewards that contain the same reward token

`LockingPositionService`'s voting power can be inflated by putting duplicated entries to `LockingPositionDelegate.tokenOwnedAndDelegated`

Users who withdraw and exchange their rewards into CvgSDT may become target of sandwich attacks due to an insufficient slippage protection in `SdtRewardReceiver._withdrawRewards()`

`QVSimpleStrategy::_allocate`

Missing access modifier for `RFPSimpleStrategy.setPoolActive()` may lead to multiple issues

`QVSimpleStrategy`: part of the distribution may be locked when allocation and registration overlap

`QVSimpleStrategy`: If someone fund a pool when the fund is partially/fully distributed, part of the fund may be locked

`DonationVotingMerkleDistributionVaultStrategy::_afterAllocate` is not capable of dealing with fee-on-transfer tokens

Set milestones in `RFPSimpleStrategy` can exceed 100% `totalAmountPercentage` which may lead to multiple issues

An allocator's `voiceCreditsCastToRecipient` may get calculated in a wrong way inside `QVBaseStrategy._qv_allocate()`

Potential occurance of a DOS condition inside the `RFPSimpleStrategy._distribute()` function

Issues with accounting logic and distribution when using "Fee on Transfer" tokens with `QVSimpleStrategy`

`LMPVault.updateDebtReporting()` may be abused to only update certain destination vaults in order to gain a profit and/or steal funds from other users

Users can potentially get an unlimited amount of reward tokens from `LMPVault` and from `DestinationVaults`

Too many assets may be pulled from the user when they deposit or mint into the `LMPVault` via `LMPVaultRouterBase.mint()` or `LMPVaultRouterBase.deposit()`

`AbstractRewarder::queueNewRewards` may transfer too much from the msg.sender and the surplus will be trapped

In `LMPVault::_withdraw`, rewards will be locked, if more assets than needed are received

`MavEthOracle::getPriceInEth` can be manipulated by making swaps in the pool, due to incorrect LP token evaluation

`LMPVault`'s cached `totalDebt` can be abused to drain `LMPVault`

Potential accounting problems due to issue in `ClearingHouse.updatePositions()`

`Oracle.getUnderlyingPrice` not checking Oracle answer for staleness

A user can get more dTokens than they should get via `D3VaultFunding.userDeposit()`, due to accounting issues in `D3VaultLiquidation.liquidate()`

Stop-loss orders are broken for certain use cases.

COMP tokens can get lost in Treasury

ControllerPeggedAssetV2 token price can be influenced by stale oracle price

contract with only `IOptimismMintableERC20` interface is not compatible with `StandardBridge`

`Comptroller::withdrawRewards` accounting error results in incorrect inflation index

`AssetManager::withdraw` will not return false, when fail to send the withdraw amount

`TradingUtils::_executeTrade` will withdraw/deposit the whole balance

`TradingUtils::_executeTrade` will leak ETH to WETH

`StrategyUtils::_executeDynamicTradeExactIn` does not wrap steth