getSupplyBalance Function's Incorrect Formula May Lead to Loss of Users' Funds or Earnings

The _requireOnlyOperatorOrOwnerOf function in the MlumStaking contract has a vulnerability, and users can bypass the judgment

The addToPosition function in the MlumStaking contract has a vulnerability, and users may lose their voting eligibility

The circulating_supply() of the Minter contract may revert, resulting in the inability of the Minter to periodically emit Flow tokens

Deposits will always revert if the amount being deposited is less than the bufferToFill value

The _cancelAllBids function has a vulnerability, as it does not verify whether the user at this time is the highest bidder

Permanent loss of yield for stakers in reward pools due to precision loss.

The userGaugeProfitIndex is not set correctly, allowing an attacker to receive rewards without waiting

removedLiquidity can be underflowed to lock other user's deposits

ETHCrowdfundBase.sol#processContribution - Impossible to finalize crowdfund because of minContribution check

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

Bidder Funds Can Become Unrecoverable Due to 1 second Overlap in `participateToAuction()` and `claimAuction()`

Auction winner can prevent payments via `safeTransferFrom` callback

Users can get immediate profit when deposit and redeem in `PerpetualAtlanticVaultLP`

Incorrectly implemented modifiers in LybraConfigurator.sol allow any address to call functions that are supposed to be restricted

There is a vulnerability in the executeFlashloan function of the PeUSDMainnet contract. Hackers can use this vulnerability to burn other people's eUSD token balance without permission

DOS of market operations with malicious offers

Attack on rounding errors to get risk free profit