UsualSP removeOriginalAllocation does not call _updateReward before zeroing recipient balances depriving them of already earned rewards

Reward emissions can be blocked with a DOS attack due to insufficient precision is emissions calculation

Precision calculation error in PendlePTOracle::_calculateBaseToQuote causing erroneous price reports

WithdrawRequestBase::_getValueOfSplitFinalizedWithdrawRequest does not account for decimals when converting from redeem token to borrow token

VaultRewardLib decreases a user's claimable reward amount even if the reward transfer fails

The FGD l2BlockNumber (passed in extraData) can be any number, enabling a DOS on fund widthdrawals

Funding Fee Rate is calculated based only on the Oracle Maker's skew but applied across the entire market, which enables an attacker to generate an extreme funding rate for a low cost and leverage that to their benefit

The TWAPOracleFacet TWAP timeframe depends on the distance from the last update() call, which compromises the price accuracy and enables price manipulation..

Price Module reports wrong MA/Current Price for asset using MA when feeds are down after storePrice has been called

Migrated DAO exposed to Hijacking shortly after creation due to insecure renounceOwnership function