Subtraction in `variance()` will revert due to underflow

`PendlingConnector::depositIntoMarket()` `PendlingConnector::burnLP()` and are missing slippage control parameters.

Users will get DoS for the approved router, due to incorrect `allowance` check argument.

Any fee claim lesser than the total `yieldFeeBalance` as unit of shares is lost and locked in the `PrizeVault` contract

`_update` function incorrectly handles SafeMath subtraction, per the documentation, causing potential funds locked forever.

The use of spot price by CoreSaltyFeed can lead to price manipulation and undesired liquidations

Whitelised accounts can be forcefully DoSed from buying curveTokens during the presale

Unauthorized Access to setCurves Function

Incorrect amounts of ETH are transferred to the DAO treasury in `ERC20TokenEmitter::buyToken()`, causing a value leak in every transaction

All tokens can be stolen from `VirtualAccount` due to missing access modifier

`ensureApprove` will revert for non-standard ERC20 tokens like USDT

Incorrect Solidity version in FullMath.sol can cause permanent freezing of assets for arithmetic underflow-induced revert

Sandwich attack to steal all ERC-20 tokens in the Fees contract

Fixed fee level is used when swap tokens on Uniswap

DSC protocol can consume stale price data or cannot operate on some EVM chains

Use `==` instead for `<=` for `uints` when comparing for `zero` values

`_liquidateUser()` should not re-use the same minimum swap amount out for multiple liquidation

Attacker can specify any `receiver` in `USD0.flashLoan()` to drain `receiver` balance

[HB02] `BalancerStrategy.sol`: `_withdraw` withdraws insufficient tokens

all deposit and withdraw function in Convex and Curve nativeLP Strategy, apply slippage on internal pricing; which call real-time on chain price from Curve directly and subject to MEV

EUSD.mint function wrong assumption of cases when calculated sharesAmount = 0

VUSD's withdrawal request can be skipped if reserve has not enough balance at the moment of processing --> Users can get DoS

Once `stablePrice` is set for an asset, it can no longer be removed --> prices can be stale

Rebalance functionality may revert in some pools that do not support 0.05% fee tier. (or provide non-robust pricing)

FeeGrowthInside calculation doesn't allow overflowing/underflowing

`partyBNonces` is incorrectly accounted in `lockQuote` (it'll use `partyB` = address(0))

It is not possible to execute actions that require ETH (or other protocol token)

PriceOracle.sol will not work on Optimism & Arbitrum network

No check for active Optimism & Arbitrum Sequencer in Chainlink Oracle (oracle integration issues)

Tx will revert if users try to claim USDT from the FootiumPrizeDistributor contract

Missing slippage control validation in opening position function in AuraSpell

No slippage control when closing position in CurveSpell

Calculation underflow/overflow in BalancerPairOracle, which will affect pools in Aura Finance

Subaccount `execute` function will revert upon non-zero `msg.value` (although its behavior is supposed to support non-zero msg.value)

Staking, unstaking and rebalanceToWeight can be sandwiched (Mainly rETH deposit )