selfdestruct() will not be available after EIP-4758

Use of `payable.transfer()` Might Render ETH Impossible to Withdraw

Missing input validation can result in `Stream` `recipient` instantly receiving all tokens

`Payer` can rug `recipient` if a special ERC20 is used

Anyone can prevent themselves from being liquidated as long as they hold one of the supported NFTs

Centralization risk: admin can with rug the project by removing asset and price manipulation on oracle.

Pausing assets only affects future price updates, not previous malicious updates.

Malicious Users Can Drain The Assets Of Auto Compound Vault

Underlying assets stealing in `AutoPxGmx` and `AutoPxGlp` via share price manipulation

Assets may be lost when calling unprotected `AutoPxGlp::compound` function

Reward tokens mismanagement can cause users losing rewards

`FeeBuyback` does not utilize OpenZeppelin's SafeERC20 library, even though the rest of the codebase does

Protocol won't work with `USDT`, `BNB` and other tokens that do not return a bool on `transfer`

The protocol won't work correctly with fee-on-transfer tokens or tokens with rebasing mechanism

The protocol does not support fee-on-transfer or rebasing ERC20 tokens

Node runners can lose all their stake rewards due to how the DAO commissions can be set to a 100%

Calling `updateNodeRunnerWhitelistStatus` function always reverts

Use `call()` with value instead of `transfer()` on `address payable`

Incompatibility with fee-on-transfer/inflationary/deflationary/rebasing tokens, on both base tokens and quote tokens, with varying impacts

Variable balance ERC20 support

address.call{value:x}() should be used instead of payable.transfer()

Code does not handle ERC20 tokens with special `transfer` implementation

Anyone can steal leftover/mistakenly sent tokens in `RollerPeriphery`

Protocol won't work with `USDC` even though it is a token specifically mentioned in the docs

`WSTETHOracle` needs to check for sequencer availability

WardenPledge accidentally inherits Ownable instead of Owner which removes an important safeguard without sponsor knowledge

Owner can transfer all ERC20 reward token out using function recoverERC20

Protocol withdrawals of collateral can be unexpectedly locked if governance sets the `collateralFactorBps` to 0.

Oracle assumes token and feed decimals will be limited to 18 decimals

Chainlink oracle data feed is not sufficiently validated and can return stale `price`

Griefing attack vector in `Lender.sol` `mint()` can result in big value loss for users

Some tokens (USDT) expect to always have zero allowances before approving a non-uint256.max amount

Missing token approvals can result in DoS in `Marketplace.sol`

ERC5095::mint checks slippage with underlying amount when it should check with principal (shares) amount

ERC4626 does not work with fee-on-transfer tokens

First ERC4626 deposit can break share calculation

EIP-2981 royalties can be > `salePrice`

`_payoutToken[s]()` is not compatible with tokens with missing return value

Centralization risk: admin have privileges: admin can set address to mint any amount of frxETH, can set any address as validator, and change important state in frxETHMinter and withdraw fund from frcETHMinter

removeValidator() and removeMinter() may fail due to exceeding gas limit

frxETHMinter: Non-conforming ERC20 tokens not recoverable

Tokens with lower number of decimals can result in postponed linear vesting for user

Vesting Schedule Start and End Time can be Set in The Past

Supply cap of VariableSupplyERC20Token is not properly enforced

Using `ERC721::transferFrom` instead of `ERC721::safeTransferFrom` can result in NFTs stuck forever

Using external library code with High severity vulnerability

`call()` should be used instead of `transfer()` on an address payable

StakingRewards: recoverERC20() can be used as a backdoor by the owner to retrieve rewardsToken

StakingRewards.sol#notifyRewardAmount() Improper reward balance checks can make some users unable to withdraw their rewards

Different Oracle issues can return outdated prices

Delegation should not be allowed to address(0)

Quorum votes have no effect for determining whether proposal is defeated or succeeded when token supply is low

Some functionalities in `LEther.sol` & `LToken.sol` are not calling `beforeDeposit` and `beforeWithdraw` hooks

Price decimals assumptions in `ChainlinkOracle.sol` & `ArbiChainlinkOracle.sol` can lead to incorrect calculation of price

Incomplete price validation for Chainlink’s `latestRoundData` in `ChainlinkOracle.sol` & `ArbiChainlinkOracle.sol` can lead to overleveraged borrowing

TRSRY: front-runnable `setApprovalFor`

[NAZ-M1] Chainlink's `latestRoundData` Might Return Stale Results

transfer() depends on gas consts

A VAULT OWNER CAN BE ALSO THE CONTROLLER AND ARBITRARILY SET THE SECONDARY MARKET ROYALTIES

A VAULT OWNER CAN FRONTRUN A PLUGIN CALL AND CHANGE ITS IMPLEMENTATION

Use of `payable.transfer()` may lock user funds

ORACLE DATA FEED CAN BE OUTDATED YET USED ANYWAYS WHICH WILL IMPACT ON PAYMENT LOGIC

processFees() may fail due to exceed gas limit

`Staking.sol#stake()` DoS by staking 1 wei for the recipient when `warmUpPeriod > 0`

Burn access control can be bypassed

Redeemer.redeem() for Element withdraws PT to wrong address.

Funds may be stuck when `redeeming` for Illuminate

Illuminate PT redeeming allows for burning from other accounts

Lend method signature for illuminate does not track the accumulated fee

sellPrincipalToken, buyPrincipalToken, sellUnderlying, buyUnderlying uses pool funds but pays msg.sender

Centralisation Risk: Admin Can Change Important Variables To Steal Funds