Aggregate Root could Mismatch in Withdrawal Processing

MAXIMUM_NUMBER_OF_DEPOSITS_PER_ROUND can be bypassed in certain conditions

Inconsistency in BunniToken Price Calculation

Delegation Limitation in Voting Power Management

Game is not fair if less round passed than 2 and agents pass under the threshold of 50 users

_restoreLiquidity() is extemely easy to manipulate due to how it calculates underlying token balances

Underflow in borrow() Function

Missing Allocator Voice Credit Incrementation in QV Strategy _allocate()

FEE-ON-TRANSFER usage could DOS a pool

QVStrategy : Funds locked if no registered recipient or no recipientStatus >= reviewThreshold

Exponential Inflation of Voice Credits in Quadratic Voting Strategy

Incorrect Accounting of newRewards in the queueNewRewards() function of AbstractRewarder Contract

Missing token transfer between LiquidationRow.sol and BaseAsyncSwapper.sol during liquidation of Vaults For Token

Creation of Options At Expiry Time Can Lead to Loss of Funds

Small depositors might receive zero shares due to integer division in depositFor function

Chainlink’s latestRoundData might return stale or incorrect results

Oracle.sol Assume that stablecoin Price is stable

min withdraw of 5 VUSD is not enough to prevent DOS via VUSD.sol#withdraw(amount)

Rounding Errors in the _getTicksForPosition()

Chainlink's latestRoundData might return stale or incorrect results

Misconfigured Price Feed Aggregator

Unrestricted Minting and Burning Functions

Unchecked Slippage Vulnerability in USSD Contract

Stale or Outdated Price in getPriceUSD() Function in StableOracle Contracts

Use of Deprecated ChainLink function : latestAnswer()

Front-Running Vulnerability in depositStableCoin() Function