Partial transfers are still possible, leading to incorrect storage updates, and the calculated account premiums will be significantly different from what they should be

All tokens can be stolen from `VirtualAccount` due to missing access modifier

Incorrect source address decoding in RootBridgeAgent and BranchBridgeAgent's _requiresEndpoint breaks LayerZero communication

Incorrect flag results to _hasFallbackToggled always set to false on createMultipleSettlement.

If RootBridgeAgent.lzReceiveNonBlocking reverts internally, the native token sent by relayer to RootBridgeAgent is left in RootBridgeAgent

The peg stability module can be compromised by forcing lowerDepeg to revert.

Incorrect precision assumed from RdpxPriceOracle creates multiple issues related to value inflation/deflation

PythOracle pushes wrong timestamp when data is requested

Incorrect price calculation in PythOracle

crvRewardsContract `getReward` can be called directly, breaking vaults `claimRewards` functionallity

Vault.claimRewards can break if Convex changes the operator

Calling BaseRewardPool directly causes rewards to be locked

Delegated amounts can be forcefully removed from anyone in the TwabController

`Vault.mintYieldFee` FUNCTION CAN BE CALLED BY ANYONE TO MINT `Vault Shares` TO ANY RECIPIENT ADDRESS

Balance invariant between individual and total twabs can be broken

Collateral can be locked in BigBang contract when `debtStartPoint` is nonzero

Incorrect liquidation reward computation causes excess liquidator rewards to be given

BigBang liquidation share is not distributed 100%

Convex `BaseRewardPool` allows Claim on Behalf which causes delta to break - Loss of all Rewards

ConvexTricryptoStrategy does not count CVX reward into compoundAmount and thus _currentBalance leading to an under-estimate of TVL

`SGLBorrow::repay` and `BigBang::repay` uses `allowedBorrow` with the asset amount, whereas other functions use it with share of collateral

No staleness check for oracle price

Stable prices pose risk in times of volatility

PrivatePool owner can steal all ERC20 and NFT from user via arbitrary execution

Flash loan fee is incorrect in Private Pool contract

EthRouter can't perform multiple changes

Fee inclusivity calculations are inaccurate in RubiconMarket

Deposit fees can by bypassed

Delisting a processed rollover item causes skip of unprocessed one

Entitled shares not handled during rollover

Faulty index update of ownerToRollOverQueueIndex could break rollover

Dead queue items not removed from rolloverQueue can disincentivize relayers

Funds from premium vault can get stuck after sending to collateral vault

Inconsistent use of epochBegin could lock user funds

Outdated staleness check of price feed

`LotteryMath.calculateNewProfit` returns wrong profit when there is no jackpot winner

Safe can break if external module can add additional module

Owners can be swapped even though they still wear their signer hats

CachedUserRewards and UserRewardsDebts not reset when exiting position

UserRewardDebts set to 0 before usage

Rewards can accrue beyond the balance of the contract

Migration can not perform any meaningful actions

Get protection while not paying fees by using many 0 deposits

Minimum protection duration for seconds is too short and can be abused

DOS of core features and permanent lock of funds

LP tokens might get left in the Spell contract and be taken by someone else

ICHI rewards not paid out when reopening a farm position

Excess funds when withdrawing from lending stuck permanently

Incorrect Reward Duration After Change in Reward Speed in MultiRewardStaking

`MultiRewardStaking.changeRewardSpeed()` breaks the distribution

`Vault::takeFees` can be front run to minimize `accruedPerformanceFee`

Manipulation of target utilization via flash loans

No input validation for swap parameters

MinipoolManager: recordStakingError function does not decrease minipoolCount leading to too high GGP rewards for staker

Liquidity providers may lose funds when adding liquidity

Rounding error in buyQuote might result in free tokens

Not enough margin pulled or burned from user when adding to a position

`LPDA` price can underflow the price due to bad settings and potentially brick the contract

ETH will get stuck if all NFTs do not get sold.

Orders can be marked as used by anyone

Return value of transfers not checked consistently

Incorrect implementation of the ETHPoolLPFactory.sol#rotateLPTokens let user stakes ETH more than maxStakingAmountPerValidator in StakingFundsVault, and DOS the stake function in LiquidStakingManager

Freezing of funds - Hacker can prevent users withdraws in giant pools

Attacker may DOS auctions using invalid bid parameters

Incompatibility with fee-on-transfer/inflationary/deflationary/rebasing tokens, on both base tokens and quote tokens, with varying impacts

Owner can transfer all ERC20 reward token out using function recoverERC20

Avoidable misconfiguration could lead to INVEscrow contract not minting xINV tokens

Chainlink oracle data feed is not sufficiently validated and can return stale `price`

Cant withdraw pre-maturity

Reentrancy in lending allows overminting of iPT

Sense redeem is vulnerable to reentrancy

Cant set principal for Notional

Bond tokens (HLG) can get permanently stuck in operator

Bad source of randomness

StandardPolicyERC1155.sol returns amount == 1 instead of amount == order.amount

Protocol can be easily rug-pulled by the owner

A "FrontRunning attack" can be made to the `initialize` function

Possible centralization issue around RandProvider

Founders can receive less tokens that expected

Griefing/DOS of withdrawals by EOAs from treasury (TRSRY) possible

Wrong percent for `FraxlendPairCore.dirtyLiquidationFee`.

Migration: no check that user-supplied `proposalId` and `vault` match

Delegate call in `Vault#_execute` can alter Vault's ownership