Whitelised accounts can be forcefully DoSed from buying curveTokens during the presale

Attack to make ````CurveSubject```` to be a ````HoneyPot````

Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`

onBalanceChange causes previously unclaimed rewards to be cleared

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

The TWAP logic is incorrect and even the updated prices are not actually up to date

The protocol is vulnerable to first depositor issue and donation attack

`ArtPiece.totalVotesSupply` and `ArtPiece.quorumVotes` are incorrectly calculated due to inclusion of the inaccessible voting powers of the NFT that is being auctioned at the moment when an art piece is created

Incorrect amounts of ETH are transferred to the DAO treasury in `ERC20TokenEmitter::buyToken()`, causing a value leak in every transaction

`ERC20TokenEmitter::buyToken` function mints more tokens to users than it should do

The quorumVotes can be bypassed

`encodedData` argument of `hashStruct` is not calculated perfectly for EIP712 singed messages in `CultureIndex.sol`

Partial transfers are still possible, leading to incorrect storage updates, and the calculated account premiums will be significantly different from what they should be

Owner cannot withdraw all interest due to wrong calculation of accrued interest in WithdrwaCarry

No slippage protection for Market functions

The price of rsEHT could be manipulated by the first staker

Protocol mints less rsETH on deposit than intended

Update in strategy will cause wrong issuance of shares

Borrower has no way to update `maxTotalSupply` of `market` or close market.

Borrowers can escape from paying half of the penalty fees by closing the market, and those remaining penalty fees will be covered by the lender who withdraws last

Blocked accounts keep earning interest contrary to the WhitePaper

Allocators can allocate as much as they want in `QVSimpleStrategy`

`RFPSimpleStrategy::setMilestones()` doesn't revert even if the milestones are already set

`RFPSimpleStrategy::_registerRecipient()` will always revert if `useRegistryAnchor` is "true"

`RFPSimpleStrategy::_distribute()` might revert even though it has enough funds to distribute

`QVBaseStrategy::_qv_allocate()` updates the `allocator.voiceCreditsCastToRecipient` incorrectly, which results in more votes for the recipient

`QVBaseStrategy::reviewRecipients()` doesn't check if the recipient is already accepted or rejected, and overwrites the current status

The protocol doesn't work as expected with fee-on-transfer tokens

Unused funds are not returned and not counted in `GeVault`

Canceled order refunds should be sent to the `requester`, not the `recipient`.

`getUnderlyingPrice()` in the `Oracle.sol` doesn't check if oracle returns stale price.

Anyone can sell other users' tokens as `fromToken`, and get the `toToken`'s themselves due to `decodeData.payer` is never checked.

`_poolRepayAll()` function updates the state incorrectly, which might cause the vault to be exploited.