DOS risk if enough tokens are minted in Quest.claim can lead, at least, to transaction fee lost

Calling `unstake()` can cause locked funds

`lending-market/Note.sol` Wrong implementation of access control

WETH.sol computes the wrong totalSupply()

Transferring any amount of the underlying token to the CNote contract will make the contract functions unusable

Anyone can create Proposal Unigov Proposal-Store.sol

In Cnote.sol, anyone can initially become both accountant and admin

The check for value transfer success is made after the return statement in _withdrawFromYieldPool of LidoVault

It shouldn’t be possible to create a vault with Cally’ own token

amount requires to be updated to contract balance increase (1)

Use of `.send()` May Revert if The Recipient's Fallback Function Consumes More Than 2300 Gas

Seven ways in which the Owner and Proxy Admin can make users lose funds ("rug vectors")

`createRJLaunchEvent()` can be called by anyone with 1 Wei of `_token` and stop others from creating RJLaunchEvent with the same token anymore

Typo in PoolTemplate unlock function results in user being able to unlock multiple times

repayDebt in Vault.sol could DOS functionality for markets

A vault can be locked from MarketplaceZap and StakingZap

ERC20 return values not checked

Function `joinTokenSingle` in `SingleTokenJoin.sol` and `SingleTokenJoinV2.sol` can be made to fail