`shareBalance` bloating eventually blocks curator rewards distribution

Signature replay in `createArt` allows to impersonate artist and steal royalties

`PhiFactory:claim` Potentially Causing Loss of Funds If `mintFee` Changed Beforehand

Refunds sent to incorrect addresses in certain cases

`mintToken()`, `mintWithBudget()`, and `forge()` in the `TraitForgeNft` Contract Will Fail Due to a Wrong Modifier Used in `EntropyGenerator.initializeAlphaIndices()`

Number of entities in generation can surpass the 10k number

Wrong minting logic based on total token count across generations

Potential Uninitialized `entropySlots` Reading in `getNextEntropy`, Causing 0 Entropy Mint

Pause and unpause functions are inaccessible

Excess ETH from `forgingFee` can get stuck in `EntityForging` under certain situations

Staking ETH incorrectly assumes revert bubbling

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`

Unauthorized Access to setCurves Function

onBalanceChange causes previously unclaimed rewards to be cleared

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

MaxHeap.sol: Already extracted tokenId may be extracted again.

CultureIndex.sol#dropTopVotedPiece() - Malicious user can manipulate topVotedPiece to DoS the whole CultureIndex and AuctionHouse

Violation of ERC-721 Standard in VerbsToken:tokenURI Implementation

No slippage protection for Market functions

The price of rsEHT could be manipulated by the first staker

PartyGovernanceNFT advertises but does not honor the ERC-4906 standard

Soft Restricted Staker Role can withdraw stUSDe for USDe

Incorrect calculations for Surplus Auction creation cause massive surplus imbalances

Test addresses and incorrect interface in code prevent integration with UniswapV3 and Camelot

Incorrect decimal usage in score calculation leads to reduced user reward earnings

TWO DIFFERENT TRANSACTIONS CAN RESULT IN THE SAME `txnHash` VALUE THUS BREAKING THE APPROVAL PROCESS OF TRANSACTION MINTING

Front-running vulnerability of Cooler.sol’s rollLoan

`ReLPContract` wrongfully assumes protocol owns all of the liquidity in the UniswapV2 pool

Improper precision of strike price calculation can result in broken protocol

`UniV3LiquidityAMO::recoverERC721` will cause `ERC721` tokens to be permanently locked in `rdpxV2Core`

Inaccurate swap amount calculation in ReLP leads to stuck tokens and lost liquidity

_curveSwap: getDpxEthPrice and getEthPrice is in wrong order

reLP() mintokenAAmount the calculations are wrong.

No mechanism to settle out-of-money put options even after Bond receipt token is redeemed.

`sync` function in `RdpxV2Core.sol` should be called in multiple scenarios to account for the balance changes that occurs

Change of `fundingDuration` causes "time travel" of `PerpetualAtlanticVault.nextFundingPaymentTimestamp()`

Delegated votes are locked when owner lock is expired

User don't have to deposit for a week into the market to get his weekly reward from the `LendingLedger`

If governance removes a gauge, user's voting power for that gauge will be lost.

User can steal refunded underlying tokens from `initRange` operation inside `RangeManager`

Return value of low level `call` not checked.

Rounding error in `WUSDA` can result in loss of user funds, especially when manipulated by an attacker

The cross-chain claimed tokens are never transferred to the Beneficiary wallet.

User cannot claim rewards if certain amount of payoutTokens are withdrawn

`_voteSucceeded()` returns true when `againstVotes > forVotes` and vice versa

Incorrectly implemented modifiers in LybraConfigurator.sol allow any address to call functions that are supposed to be restricted

If `ProtocolRewardsPool` is insufficient in EUSD, users will not be able to calim any rewards

Incorrect function call in LybraRETHVault's getAssetPrice

Understatement of `poolTotalPeUSDCirculation` amounts due to incorrect accounting after function `_repay` is called

Invalid implementation of prioritized token rewards distribution

Impossibility to change `safeCollateralRatio`