Buffer Silently Locks Staked HYPE in Contract Without Using Them For Withdrawals Or Providing A Way To Be Pulled Out Or Moved To L1

Processing all withdrawals before all deposits can cause some deposit to not be delegated in `processL1Operations`

Incorrect Balance Check in Validator Redelegation Process May Block Legitimate Rebalancing Operations

Missing Event Emission in update_profit_max_unlock_time

RAACNFT mint function receives funds to address(this) but has no way of withdrawing them

There is no logic checking for RAACNFT price staleness before minting it

Owner Can Change Vote Results After Voting Ends by Updating Quorum Numbers for New proposals

Emergency revoke in RAACReleaseOrchestrator will freeze revoked RAAC tokens in orchestrator

Unrestricted proposal cancellation allows governance process manipulation

Emergency withdraw functionality in veRAACToken takes longer than expected

Missing Checkpoint Reset in `veRAACToken::emergencyWithdraw` Function

Incorrect Timestamp Tracking in RAACHousePrice contract

Treasury's allocated funds not tracked during withdrawals leads to accounting issue where recepient can receive more than allocated funds.

Cross-Chain Signature Replay Attack Due to User-Supplied `domainSeparator` and Missing Deadline Check

Lack of deadline check in forwarded request

LamboFactory can be permanently DoS-ed due to createPair call reversal

Minting zero tokens when underlyingToken is not Ether in cashIn()

Calculation for `directionMask` is incorrect

Since the cost of launching a new pool is minimal, an attacker can maliciously consume VirtualTokens.

`LamboRebalanceOnUniswap::_getTokenInOut` formula used to compute rebalancing amount is wrong for a UniV3 pool

`sellQuote` and `buyQuote` are missing deadline check in `LamboVEthRouter`

NativeMetaTransaction.sol :: executeMetaTransaction() failed txs are open to replay attacks.

Platform fees withdrawal will sweep oracle agents earned fees

Users can list assets with price < 1 ERC20 (ETH, WETH), leading to potential DoS vulnerability.

Update state requests or Purchase requests occurring at the end of the phase will not process

BuyerAgent Batch Purchase Failure Due to Asset Transfer or Approval Revocation

Lenders can escape the blacklisting of their accounts because they can move their MarketTokens to different accounts and gain the WithdrawOnly Role on any account they want

Blocked accounts keep earning interest contrary to the WhitePaper

AccessControlHooks onQueueWithdrawal() does not check if market is hooked which could lead to unexpected errors such as temporary DoS

Role providers cannot be EOAs as stated in the documentation.

Inconsistency across multiple repaying functions causing lender to pay extra fees.

`FixedTermLoanHooks` allow Borrower to update Annual Interest before end of the "Fixed Term Period"

`Flashlender.sol#flashLoan()` should use `mintProfit()` to mint fees. The current implemetation may lead to locked up WETH in PoolV3.

Because of the Asset:Share 1:1 Conversion, if Vault Incur a Loss, the Last User to Withdraw Will Take The Entire Loss

DOS attack to SwapAction.transferAndSwap() when using an ERC20 permit transferFrom.

Malicious actor can abuse the minimum shares check in `StakingLPEth` and cause DoS or locked funds for the last user that withdraws

`PendleLPOracle::_fetchAndValidate` uses Chainlink's deprecated `answeredInRound`

Users won't liquidate positions because the logic used to calculate the liquidator's profit is incorrect

Fragmentation fee is not taken if user compensates with newly created position

Users can not to buy/sell minimum credit allowed due to exactAmountIn condition

Design flaw and mismanagement in vault licensing leads to double counting in collateral ratios and positions collateralized entirely with kerosine

Users can get their Kerosene stuck until TVL becomes greater than Dyad's supply

Unable to withdraw Kerosene from `vaultmanagerv2::withdraw` as it expects a `vault.oracle()` method which is missing in Kerosene vaults

Attacker Can Frontruns User's Withdrawals To Make Them Reverts Without Costs

Value of kerosene can be manipulated to force liquidate users

setUnboundedKerosineVault not called during deployment, causing reverts when querying for Kerosene value after adding it as a Kerosene vault

No incentive to liquidate when CR <= 1 as asset received < dyad burned

If a redemption has N disputable shorts, it is possible to dispute N-1 times the redemption to maximize the penalty

Using cached price to create a proposal reduce the efficacity of redemptions for asset peg

oracleCircuitBreaker: Not checking if price information of asset is stale

`TwabLib::getTwabBetween` can return innacurate balances if `_startTime` and `_endTime` aren't safely bounded

The winner can steal claimer fees, and force him to pay for the gas

All claimed rewards will be lost for the users using the account abstraction wallet

Due to no access control on `DistributionV2::_authorizeUpgrade()` anyone can change the implementation contract and can destroy the main Proxy contract.

User can evade `liquidation` by depositing the minimum of tokens and gain time to not be liquidated

Attacker Can Inflate LP Position Value To Create a Bad Debt Loan

SALT staker can get extra voting power by simply unstaking their xSALT

Looping over unbounded `pendingStakes` array can lead to permanent DoS and frozen funds

Fees are hardcoded to 3000 in ExactInputSingleParams

Removal of approved token from token manager can lead to unintended liquidation of vaults

Users with Negligible TST Holdings Might Not Receive Their Share of EUROs Fees

The userGaugeProfitIndex is not set correctly, allowing an attacker to receive rewards without waiting

Users staking via the `SurplusGuildMinter` can be immediately slashed when staking into a gauge that had previously incurred a loss

Anyone can prolong the time for the rewards to get distributed

Malicious borrower can decrease Guild holders reward

Lenders can escape the blacklisting of their accounts because they can move their MarketTokens to different accounts and gain the WithdrawOnly Role on any account they want

Blocked accounts keep earning interest contrary to the WhitePaper

AccessControlHooks onQueueWithdrawal() does not check if market is hooked which could lead to unexpected errors such as temporary DoS

Role providers cannot be EOAs as stated in the documentation.

Inconsistency across multiple repaying functions causing lender to pay extra fees.

`FixedTermLoanHooks` allow Borrower to update Annual Interest before end of the "Fixed Term Period"

Users Lose Funds and Market Functionality Breaks When Market Reachs 65k Id

Division before multiplication results in lower `dittoMatchedShares` distributed to users

Loss of precision in `twapPriceInEther` due to division before multiplication

Unlimited Approval Risk in BridgeSteth Contract

`TwabLib::getTwabBetween` can return innacurate balances if `_startTime` and `_endTime` aren't safely bounded

The winner can steal claimer fees, and force him to pay for the gas