L1 contract can evade aliasing, spoofing unowned L2 address

Incorrect game type can be proven and finalized due to unsafe cast

Fault game factory can be manipulated to DOS game type using malicious `l2BlockNumber`

integer overflow in slice()

Contract interfaces allow nonpayable implementations of payable functions

Slice bounds check can be overflowed to access unrelated data

External calls can overflow return data to return input buffer

Builtins that access literal lists cannot be compiled

Tuple constants are deleted during folding, breaking compilation

Gas cost estimates incorrect due to rounding in `calc_mem_gas()`

Incorrect gas estimate for BALANCE opcode

SHA256 built-in will return input value on chains without SHA256 precompile

Fang optimization options broken

`_bytes_to_num()` skips `ensure_in_memory()` check, which can lead to compilation failure

Built-in `shift()` function will fail if passed a negative integer at compile time

Compiled opcodes will return wrong values for PUSH instructions due to incorrect padding

Wrong denominations included in reserved keywords

Oracle tick rounding the wrong direction can lead to Swapper overpaying for swap

Tokens without UniV3 pairs with `tokenToBeneficiary` can be stolen by an attacker

WalletImpl cannot receive NFTs as intended

Swapper mechanism cannot incentivize ETH-WETH swaps without risking owner funds

SwapperCallbackValidation doesn't do anything, opens up users to having contracts drained

All migrated withdrarwals that require more than 135,175 gas may be bricked

CrossDomainMessenger does not successfully guarantee replayability, can lose user funds

Unlinked tophat retains linkedTreeRequests, can be rugged

Safe can be bricked because threshold is updated with validSignerCount instead of newThreshold

Signers can bypass checks to add new modules to a safe by abusing reentrancy

If another module adds a module, the safe will be bricked

Other module can add owners to safe that push us above maxSigners, bricking safe

Signers can brick safe by adding unlimited additional signers while avoiding checks

Signers can bypass checks and change threshold within a transaction

Owners of linkedin tophats cannot have eligibility revoked

Changing hat toggle address can lead to unexpected changes in status

targetThreshold can be set below minThreshold, violating important invariant

Swap Signer fails if final owner is invalid due to off by one error in loop

If a hat is owned by address(0), phony signatures will be accepted by the safe

If signer gate is deployed to safe with more than 5 existing modules, safe will be bricked

Safe threshold can be set above target threshold, causing transactions to revert

Can get around hats per level constraints using phantom levels

Users can be liquidated prematurely because calculation understates value of underlying position

Liquidator can take all collateral and underlying tokens for a fraction of the correct price

Users can get around MaxLTV because of lack of strategyId validation

LP tokens are not sent back to withdrawing user

IchiLPOracle does not use correct LP Pricing, vulnerable to flash loan attack

Users who deposit extra funds into their Ichi farming positions will lose all their ICHI rewards

Check for stale data before trusting Chainlink's response

Withdrawals from IchiVaultSpell have no slippage protection so can be frontrun, stealing all user funds

HardVault never deposits assets to Compound

LP tokens cannot be valued because ICHI cannot be priced by oracle, causing all new open positions to revert

Complete debt size is not paid off for fee on transfer tokens, but users aren't warned

totalLend isn't updated on liquidation, leading to permanently inflated value

If a token's oracle goes down or price falls to zero, liquidations will be frozen

Malicious user can finalize other’s withdrawal with less than specified gas limit, leading to loss of funds

Withdrawals with high gas limits can be bricked by a malicious user, permanently locking funds

Migration can be bricked by sending a message directly to the LegacyMessagePasser

Censorship resistance is undermined and bridging of assets can be DOSed at low cost

Batcher frames are incorrectly decoded leading to consensus split

GMX RewardRouterV2 allows redeeming to a different address, leading to incorrect tokensIn

GMX RewardRouter's compound() function does not return WETH

Using one controller for two addresses could risk signature collisions

Attacker can take loan for Victim

Anyone can wipe complete state of any collateral at any point

Borrower can use liquidationInitialAsk to block future borrowers

Buying out corrupts the slope of a vault, reducing rewards of LPs

Vault may be drained after a liquidated NFT was claimed by the liquidator

ERC4626Cloned deposit and mint logic differ on first deposit

Deadlock in valuts with underlying token with less then 18 decimals

Users can liquidate themselves before others, allowing them to take 13% above their borrowers

Users are forced to approve Router for full collection to use commitToLiens() function

Position not deleted after debt paid.

WithdrawProxy allows redeem() to be called before withdraw reserves are transferred in

Overflow potential in processEpoch()

minDepositAmount is unnecessarily high, can price out many users

Processing an epoch must be done in a timely manner, but can be halted by non liquidated expired liens

Lack of support for fee-on-transfer token

Admin does not have to wait to call `lastResortTimelockOwnerClaimNFT()`

Liquidity providers may lose funds when adding liquidity

Price will not always be 18 decimals, as expected and outlined in the comments

Manager can get around min reserves check, draining all funds from Collateral.sol

`LPDA` price can underflow the price due to bad settings and potentially brick the contract

ETH will get stuck if all NFTs do not get sold.

Unsafe downcasting operation truncate user's input

Escher721 contract does not have setTokenRoyalty function

Use of `payable.transfer()` Might Render ETH Impossible to Withdraw

Payer cannot withdraw accidental extra funds sent to the contract without canceling

Bulls that are unable to receive NFTs will not be able to claim them later

Fixed Term Teller tokens can be created with an expiry in the past

Fixed Term Bond tokens can be minted with non-rounded expiry

Funding Rate calculation is not correct

Non terminal tokens received via Balancer batchSwap are not accounted for

Curve LP staking allows adding false tokensIn to account by setting _claim_rewards to false

Curve LP Controller withdraw and claim function uses wrong signature

No check for active Arbitrum Sequencer in WSTETH Oracle

User can trade away an asset using Balancer batchSwap without removing it from account

isValidRefinance will approve invalid refinances and reject valid refinances due to buggy math

isValidRefinance checks both conditions instead of one, leading to rejection of valid refinances

Liens do not reset payee after buyout

Payments made for all liens on a collateral token will only pay the first lien

_deleteLienPosition() function is public

liquidationAccountant can be claimed at any time

liquidationAccountant can be claimed multiple times, losing a portion of all vault holders' funds

Claiming liquidationAccountant will reduce vault y-intercept by more than the correct amount

Strategists are paid 10x the vault fee because of a math error

Auctions can end in epoch after intended, underpaying withdrawers

Any public vault without a delegate can be drained

nlrType type is not signed by strategist, which could allow fraudulent behavior as new types are added

maxPotentialDebt can be exceeded due to faulty calculation

createAuction sets firstBidTime as time of creation rather than first bid

Bids cannot be created within timeBuffer of completion of a max duration auction

Vault Fee uses incorrect offset leading to wildly incorrect value, allowing strategists to steal all funds

_getInterest() function uses block.timestamp instead of the inputted timestamp

_payment() function transfers full paymentAmount, overpaying first liens

timeToEpochEnd calculates backwards, breaking protocol math

_validateCommitment fails for approved operators

Operators can get signed data once and bypass SDK fees for calls

Missing check for equal length arrays in transferByOwnerBatch and mintByOwnerBatch

Deployer can set royalties to greater than 100%

getUserInfo() returns incorrect values for locked and stakedAmount

cancelVouch breaks voucher and vouchee index tracking, creating opportunity for user theft

StandardPolicyERC1155.sol returns amount == 1 instead of amount == order.amount

Loss of vested amounts

not able to create claim

Supply cap of VariableSupplyERC20Token is not properly enforced

The reveal process could brick if `randProvider` stops working

First depositor into each LToken can break share calculation and steal funds

Uniswap contract added to controller doesn't match with function signatures

Chainlink oracle price data could be stale

LTokens will not work with fee-on-transfer tokens

Missing revert keyword

Users can avert liquidation by getting blacklisted in USDC or USDT

It should not submit a project with no total budget. Requires at least one task with cost > 0

Accumulated ETH fees of InfinityExchange cannot be retrieved

Anyone can get swaps for free given certain conditions in `swap`.