Impossible to open positions more than 2x leverage

Secondary position ticks will not work as intended when ticks are negative

If the L1 message is skipped then the tokens will be lost for users bridging via L1ReverseCustomGateway

Challenger will lose the challenge deposit when the batch is reverted and contract is paused

Griefer can permanently DoS the L2 message queue

Sequencers can lose their commission fees if they are removed

If the stake token is minted from portfolio vault, positions from balances are not decreased

Deleveraging can result in a zero borrowed amount while maintaining the leveraged position

Excess fromBalance removal not added to other positions fromBalance's when leveraging up

Updating leverage changes the cross net and cross available value

Minting stake tokens is not updating the pool's borrowing fee rate

Mismatching funding fees can result in the protocol incurring a deficit or insolvency risk

Users profit in short cross will leave the fees in UsdPool instead of LpPool

Keepers can open positions that are already liquidatable

ERC20 transfers for stakeToken's is not updating the rewards process

The redeem process updates the rewards in the wrong order

Anyone can change the balance of an account to drain the entire portfolio vault

Pool value does not consider the open funding fees

`updateAllPositionFromBalanceMargin` function mistakenly increments positions "fromBalance"

`updatePositionFromBalanceMargin` function returns "0" if amount to be updated is negative

Closing partial positions miscounts the settled fees

Position net value is using outdated fees

Cross available value is not accounting the position fees

Long orders always pays lesser in fees while short orders always pays higher due to oracle pricing

Updating leverage does not accrues the latest borrowing fees for the market

Increasing leverage can make the position have "0" `initialMargin`

Closing positions does not decrease the pool's entry price, leading to misleading pool value calculations

If cross positions use the same margin token as collateral and close without liability, then fee accounting will be completely wrong

Pool value calculation skips accounting for stable token losses and short uPnL

LpPool's can become insolvent if shorters are in huge profits

Canceling a mint stake token can result in the execution fee being sent from the wrong vault

If the stake token is minted as collateral, the tokens never leave the portfolio vault for the stake token

If the accounted token balance is higher than actual token balance some transfers can send "0" tokens to destination

Unbacked tokens can be used for opening positions

Withdrawing collateral does not update the total collateral held in the portfolio vault

Users can gas grief or completely block keepers from executing orders

Keepers loss gas is never accounted

Users can have positions with a margin lower than the allowed minimum margin

Cross positions that exceed the allowed margin can be opened

When a position is closed, the execution fees for the canceled stop orders are lost for the user

If stable tokens depeg, short funding fees will not be accounted properly

Pool can be drained

Selling partial base tokens are more profitable then selling in one go

WooFi oracle can fail to validate its price with Chainlink price feed

Swaps can happen without changing the price for the next trade due to gamma = 0

If the destination swap uses WooFi and fails then the fee charged will not be returned back to user

Setting the strategy cap to "0" does not update the total shares held or the withdrawal queue

Requested withdrawal can be impossible to settle due to EigenLayer shares value appreciate when there are idle funds in deposit pool

Pending EigenLayer withdrawal can stuck

`reportOutOfOrderValidatorExits` does not updates the heap order

Heap is incorrectly stores the removed operator ID which can lead to division by zero in deposit/withdrawal flow

Malicious operators can `undelegate` theirselves to manipulate the LRT exchange rate

All operators can have ETH deposits regardless of the cap setted for them leading to miscalculated TVL

Ether can stuck when an operators validators are removed due to an user front-running

Depositing to EigenLayer can revert due to round downs in converting shares<->assets

Pairs with "MAX_FEE" can revert due to rounding inconsistencies

Staked stargate asset module STG reward tracking can underflow blocking all interactions

Users can deposit "0" ether to any round

Rounds can not be immediately drawn after fulfillRandomWords due to VRF contracts reentrancy guard

When governance burns an NFT, the claimable balances of other NFT can be mixed

Vest owners can drain the TRUF tokens by calling claim many times when the vest is in initialRelease < cliff period

Ended locks can be extended

Migrating user forgets the claimable tokens in the virtual staking rewards contract

Pool can be drained if there are no LP_FEES

Adjusting "_I_" will create a sandwich opportunity because of price changes

First depositor can lock the quote target value to zero

Reward token can be an underlying token and it would not be possible to reinvest rewards

Restoring the vault can result in big losses if balances are changed

Balancer composable stable pools spot price calculation is wrong

Some curve pools can not be used as a single sided strategy

Emergency withdraw might not be enough if the underlying pool is a nested pool

Agents can instantly die although the active agents are higher than 50

If escapes makes an agent winner while there are healing agents the healing agents LOOKS are lost

Strategic escape can block healers

Inconsistency in healing between docs and code, healing is only possible after 2 rounds

Liquidity owner can burn the liquidity position to hurt borrower

IV can be manipulated to return the maximum IV value on the next write

Liquidations can make debt stuck in the Lenders

Owner can take the users claimable WETH balances

Owner can steal users WETH-ETH by setting gasPrice higher

Users can claim zero assets due to decimal differences between pool tokens

Accumulating excessive liquidation fees through repeated liquidation cycle

Extreme market situations can halt the liquidations

Old price signature can be used to liquidate same user in future

PartyA can grief the liquidators

Quotes can be opened below the minimum quote value

partyB can leverage emergency mode for quick profits

If partyB is suspended, partyB still can withdraw the stablecoins

Trading fee update can be sandwiched for atomic profits

Rounding issue when closing partial positions

Liquidation fee can be very small for liquidators

partyB liquidation doesn't return trading fee back to partyA

Collateral contract is ignoring maker fee in user liquidation process

Vaults will fail to work if any of the products of vault are paused

Unintended Vault Operation Due to Product Settling and Oracle Version Skips

Market Allows Zero Amount Positions Which Can Cause Vault Rebalancing to Revert

If long and short products has different maker fees, vault rebalance can be spammed to eat vaults balance

Public claim might be problematic

When a club sold to a third party, previous approvals from Escrow contract are not revoked

Clubs can mint +1 players more than maxGenerationId

transfer can fail for non standard ERC20 tokens

Univ3 oracle can be manipulated if pool is illiquid or non-existed

Incorrect accounting for idle funds during prime cash withdrawals

Compound exchange rate can be manipulated to withdraw more underlying tokens from NotionalV3

Lack of ERC20 approval on depositing to external money markets Compound V2

Fee on transfer tokens will break the withdrawing process

User Funds Vulnerable to Index Manipulation

Rollover Queue Manipulation

Rolling over is never beneficial for users

Rollover Queue Underflow Prevents User Participation in Subsequent Epochs

Misaccounting Decimals

Mislogic on TAU contracts