Last buy might charge the wrong fee

Attackers can force the rewards to be stuck in the contract with malicious `x/tokenfactory` denoms

Potentially sensitive issue - disclosed privately

revertBatch incorrectly reset inChallenge.

After being removed, the staker cannot claim the deserved commission before.

Cannot get all the stakers from the bitmap.

If a refund has occurred, the owner will not be able to withdraw the full proceeds from the raffle.

The attacker can prevent createRaffle and waste the LINK in the contract.

Drawable raffle can be canceled.

Admin can prevent winner from withdrawing prize

Wrong minting logic based on total token count across generations

Lack of Slippage Protection in Dynamic Pricing Mint Function

There is no slippage check in the `nuke()` function.

Forger Entities can forge more times than intended

Pause and unpause functions are inaccessible

Excess ETH from `forgingFee` can get stuck in `EntityForging` under certain situations

Discrepancy between nfts minted, price of nft when a generation changes & position of `_incrementGeneration()` inside `_mintInternal()` & `_mintNewEntity()`

The quantity is calculated incorrectly when depositing ETH to weETH.

Incorrect withdraw queue balance in TVL calculation

Withdrawals logic allows MEV exploits of TVL changes and zero-slippage zero-fee swaps

Incorrect calculation of queued withdrawals can deflate TVL and increase ezETH mint rate

stETH/ETH Feed being used opens up to 2 way deposit<->withdrawal arbitrage

Tombstoned observer can maliciously add a duplicate observer address resulting in forfeiting voting rewards of targeted observers

`ZetaSupplyChecker` calculation error

When updating gas, if one chain fails, the others should continue to be updated instead of being skipped.

The `unwhitelist` function of `ERC20Custody` cannot be invoked.

Lagging median gas price when the set of observers changes

The `Sender` of an outbound cctx originating from the zEVM is potentially set to an incorrect sender address resulting in lost assets during a refund

Funds from reverted transaction may be lost/locked

PayGasFeeInZetaAndUpdateCctx() is prone to slippage, causing sender overpays the revert gas and lose returned funds

The `distribute` function in `RFPSimpleStrategy` cannot be executed multiple times.

`fundPool` does not work with fee-on-transfer token

`DonationVotingMerkleDistributionVaultStrategy` does not work with fee-on-transfer tokens

ETH deposited by the user may be stolen.

queueRewards will be locked in the contract and will not be distributed.

Destination Vault rewards are not added to idleIncrease when info.totalAssetsPulled > info.totalAssetsToPull

Since no transfer is made to the swapper, the swap in the liquidation process will be invalidated.

Multiple calls to queueNewRewards when there's no supply in the vault will result in some rewards being locked in the contract and unable to be distributed.

fastGasFeed's answer should check if it is greater than MAX_GAS_PRICE.

PartyA/B can avoid being liquidated through front-running allocate.

There is a lack of verification for the update time of the oracle data.

Subaccount is expected to be able to send ETH but doesn't have any payable functions to receive ETH

Insurance account’s bad debt can be cleared

There is a lack of verification for the update time of the oracle data.

In certain situations, legitimate users may not be able to participate in Rollover.