`mintToken()`, `mintWithBudget()`, and `forge()` in the `TraitForgeNft` Contract Will Fail Due to a Wrong Modifier Used in `EntropyGenerator.initializeAlphaIndices()`

Wrong minting logic based on total token count across generations

Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens

Invalid validation in _farmPlots function allowing a malicious user repeated farming without locked funds

Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens

Invalid validation in _farmPlots function allowing a malicious user repeated farming without locked funds

`executeWithdraw` may be blocked if any of the users are blacklisted from the `baseToken`

`NoyaValueOracle.getValue` returns an incorrect price when a multi-token route is used

The total deposit amount limit in `AccountingManager.sol` can be bypassed

`depositQueue.queue` in `AccountingManager` can be flooded causing a DoS

User can evade `liquidation` by depositing the minimum of tokens and gain time to not be liquidated

Attacker Can Inflate LP Position Value To Create a Bad Debt Loan

formPOL lacks slippage and deadline protection

Attacker can take advantage of Chainlink price not occuring within it's 60 minute heartbeat to make PriceAggregator calls fail

Adversary can prevent updating price feed addresses by creating poisonous proposals ending in `_confirm`

DOS of proposals by abusing ballot names without important parameters

Reusing a SALT that has already been used for voting can allow a malicious proposal to pass and compromise the protocol.

Attack to make ````CurveSubject```` to be a ````HoneyPot````

Unauthorized Access to setCurves Function

onBalanceChange causes previously unclaimed rewards to be cleared

If a user sets their curve token symbol as the default one plus the next token counter instance it will render the whole default naming functionality obsolete

Rewards can be drained because of lack of access control

Looping over unbounded `pendingStakes` array can lead to permanent DoS and frozen funds

Users staking via the `SurplusGuildMinter` can be immediately slashed when staking into a gauge that had previously incurred a loss

`totalBorrowedCredit` can revert, breaking gauges.

Anyone can prolong the time for the rewards to get distributed

No slippage protection for Market functions

Users will lose rewards when buying new tokens if they already own some tokens

Possible arbitrage from Chainlink price discrepancy

Lack of slippage control on LRTDepositPool.depositAsset

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

Attacker can reenter to mint all the collection supply

Adversary can block `claimAuction()` due to push-strategy to transfer assets to multiple bidders

On a Linear or Exponential Descending Sale Model, a user that mint on the last `block.timestamp` mint at an unexpected price.

Infinite Voting in QVSimpleStrategy

CREATE3 is not available in the zkSync Era.

Malicious user can split the vote in QVBaseStrategy to get more votes.

RFPSimpleStrategy's _distribute implementation is incorrect

Fee-on-transfer not supported in fundPool

```trancheTokenAmount``` should be rounded UP when proceeding to a withdrawal or previewing a withdrawal.

A malicious user can delete a loan that `defaults` with `unclaimed`, causing the lender to lose the debt token.

A malicious lender can increase a borrower's debt.

Sandwich attack to steal all ERC-20 tokens in the Fees contract

During refinance() new Pool balance debt is subtracted twice

[H-04] Lender#buyLoan - Malicious user could take over a loan for free without having a pool because of wrong access control

Stealing any loan opening for auction through others' lending pool

Fee on transfer tokens will cause users to lose funds

update() not getting called right after a WETH amount has been sent will cause users to lose staking rewards

The `borrow` and `refinance` functions can be front-run by the pool lender to set high interest rates

Fixed fee level is used when swap tokens on Uniswap

Theft of collateral tokens with fewer than 18 decimals

Liquidation Is Prevented Due To Strict Implementation of Liqudation Bonus

staleCheckLatestRoundData() does not check the status of the Arbitrum sequencer in Chainlink feeds.

All of the USD pair price feeds doesn't have 8 decimals

[H-01] Lack of emergency withdraw function when no arbiter is set

Add an optional deadline parameter for dispute process

Unrestricted Access to initializeDistributionRecord Allows Manipulation of Voting Power

Incomplete Fee Setup in CrosschainDistributor.sol Leads to Inoperative Claims

Vote Factor Alteration During Airdrop Leads to Unfair Voting Power Allocation

A malicious user can prevent rewards from being distributed for a Convex `destinationVault`.

`LiquidationRow.liquidateVaultsForToken` is not working correctly.

`rewardPerToken` calculation is incorrect, resulting in a smaller distribution of the user's reward than intended.

LiquidationRow's `queueNewRewards` does not work due to double spending of `queueNewRewards`.

LMPVault.sol: Incorrect calculation of `idleIncrease` in `_withdraw`.

LMPVaultRouterBase: `mint`, `deposit` will be double-paid when paid with `ETH`, and the excess can be stolen.

Vault.vy: Malicious user can create bad debt and steal the protocol's funds

Vault.vy: Faulty Interest Calculation in Vault.vy due to Improper Update Sequence

Dca.vy: Stealing User Funds Provided for DCA by Creating a New Pool and Manipulating Price

Vault.vy: Potential Risk of Stale Data from Oracle due to Extended Freshness Threshold

Absence of Signature Expiry Check in LibMuon.verifyPrices()

Missing Permission Check in USSD.sol Allows Unauthorized Minting and Burning of USSD Tokens

Wrong Calculation of Collateral Selling Amount in USSDRebalancer.sol Impairs Price Defense During Depagged State

Incorrect Configuration of DAIEthOracle in StableOracleDAI and StableOracleWBGL Contract

Incorrect Decimal Setting in StableOracleDAI Contract for DAI/ETH Price Retrieval

Incorrect Calculation of Return Value in StableOracleDAI's getPriceUSD Function

Griefing attack vulnerability in MarginTrading.sol

FootiumEscrow.sol's approve allows you to seize club assets after selling clubs.