A malicious user could frontrun the claim() and steal project tokens

NFT will be stuck in BuyOrder.sol contract

Borrowers and lenders are lose incentive tokens

User cannot claim reward distribution

The absence of a `receive` function in the `ERC721Bridgable.sol` and `ERC1155Bridgable.sol` contracts

The claim function in PerAddressContinuousVestingMerkle.sol will always fail due to incorrect decoding

DOS in the claimWithdraw function due to an incorrect check of the lastFinalizedRequestId in the EEtherAdapter.sol

The _stake function in the PufETHAdapter will always fail

PufETHAdapter does not handle the case when the stakeLimit of stETH is zero correctly

DOS vulnerability in the _stake function in RsETHAdapter.sol

UniETHAdapter and RsETHAdapter do not have slippage protection

The LenderCommitmentGroup_Smart smart contract may lose principal tokens in EscrowVault.sol

Liquidators utilizing the liquidateDefaultedLoanWithIncentive function do not receive the collateral tokens

Lenders have the ability to manipulate any LenderCommitmentGroup_Smart contract using the repayLoanCallback()

Frontrun the repayment or liquidation functions to withdraw a portion of the interest in a single block

The FlashRolloverLoan_G5 smart contract invokes a function that has not been implemented

The SmartCommitmentForwarder smart contract isn't compatible with FlashRolloverLoan_G5.sol

Fee on transfer tokens isn't compatible with LenderCommitmentGroup_Smart.sol

DOS vulnerability in the rolloverLoanWithFlash function in FlashRolloverLoan_G5.sol

WrappedAerodromeAM.sol is not compatible with the Revert on Zero Value Tokens

Bidder with highest bid can cancel their bid and withdraw collateral

lotRouting will be always with lotId = 0 in Auctioneer smart contract

The protocol is losing all the gas fees from all modules and derivatives on the Blast chain

routing.funding overflow after AuctionHouse.curate function

All base and quote tokens are stuck due to a blacklisted pfBidder in the EMPAM

Malicious seller can freeze quote tokens in EMPAM

There is no receive or payable function in Vesting.sol

Invalid allowance check in `VaultZapper._transferTokenInAndApprove`

The `Stablecoin` smart contract does not prevent blacklisted addresses from interacting with it

NFTs can be transferred even if StakeAtRisk remains, so the user's win cannot be recorded on the chain due to underflow, and can recover past losses that can't be recovered(steal protocol's token)

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

On a Linear or Exponential Descending Sale Model, a user that mint on the last `block.timestamp` mint at an unexpected price.

Bidder Funds Can Become Unrecoverable Due to 1 second Overlap in `participateToAuction()` and `claimAuction()`

Approved address can approve other addresses for an owner's safe

Module transactions will always fail because incompatible with Safe 1.5.0

Prime.sol - User can claim Prime token without having any staked XVS, because his `stakedAt` isn't reset whenever he is issued an irrevocable token.

```trancheTokenAmount``` should be rounded UP when proceeding to a withdrawal or previewing a withdrawal.

onlyCentrifugeChainOrigin() can't require msg.sender equal axelarGateway

Admin can't burn tokens from blocklisted addresses because of a check in _beforeTokenTransfer

address.call{value:x}() should be used instead of payable.transfer()