Method _deposit() in DLoopCoreBase can DoS due to incorrect debtAssetBorrowed calculation

Some users might get 0 shares for assets provided in DStakeToken contract

Method AegisMinting::approveRedeemRequest() apply fees incorrectly

Redeem limit is not reset when the requests are rejected or withdrawn

Users Who Queue Withdrawal Before A Slashing Event Disadvantage Users Who Queue After And Eventually Leads To Loss Of Funds For Them

Unauthorized Reallocation in `NudgeCampaign::handleReallocation` and Reward Disruption Vulnerability in `NudgeCampaign::invalidateParticipations`

A user can abuse notifyRewardAmount() and dilute rewards for everyone

The user can send tokens to any address by using two bridge transfers, even when transfers are restricted.

MergeTgt has no handling if TGT_TO_EXCHANGE is exceeded during the exchange period

Improper Transfer Restrictions on Non-Bridged Tokens Due to Boolean Bridged Token Tracking, Allowing a DoS Attack Vector

Incorrect Token Amount Comparison in updateParticipation() Prevents Users from Decreasing Their Position

Lack of deadline check in forwarded request

The calculation of `totalAssets()` could be wrong if `operatorFeeAmount` > 0, this can cause potential loss for the new depositors

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

Method Auction.endAuction() in auction will always revert due to wrong globalPool() check in Pool contract

Auction settlement affects bond and leverage token creation and redemption in Pool contract

Auction pull reserve tokens from next Auction schedule

BalancerRouter.sol locks excess user funds when PreDeposit.sol hits reserveCap

A user can Blacklist themselves in Auction process when coupon token is USDC

Pool fee is unaccounted when Auction settles

OrderId can be easily overwritten which can be exploited to drain contract

A user can modifyOrder() after the order execution and get the refund as the order status is missing

Anyone can create order on behalf of receiver if the receiver has given extra approval to OracleLess and StopLimit contracts

In OracleLess.createOrder() feeBips value validation is missing

Missing maxPendingOrders check in OracleLess.sol

Method safeApprove() will revert if the allowance of msg.sender is not 0

Remove splitter will always revert if there are some rewards left on splitter contract

`FjordAuction` incorrect `block.timestamp` check allows users to bid after calling `auctionEnd` to claim more tokens than they should

Method refundPlayers doesn't update _lockedETH in WinnableTicketManager

Possible DOS in raffle setup mechanism

RedStoneOracle is not integrated properly

There is no slippage check in the `nuke()` function.

Single plot can be occupied by multiple renters

Failure to Update Dirty Flag in transferToUnoccupiedPlot Prevents Reward Accumulation On Valid Plot

Invalid validation in _farmPlots function allowing a malicious user repeated farming without locked funds

Phantom overflows can lead to unexpected reverts

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

Attacker can reenter to mint all the collection supply

On a Linear or Exponential Descending Sale Model, a user that mint on the last `block.timestamp` mint at an unexpected price.

Bidder Funds Can Become Unrecoverable Due to 1 second Overlap in `participateToAuction()` and `claimAuction()`

Decimal Limitation in CamelotRelayer and UniV3Relayer Contract Deployment

[H-04] Lender#buyLoan - Malicious user could take over a loan for free without having a pool because of wrong access control

Zero address leads to transaction reverts

Lender fails to giveLoan because of inconsistent length between `loadIds` and `poolIds`

Uncheck Arithmetic where overflow/underflow impossible

Zero address check for tokens

`++i`/`i++` should be `unchecked{++i}`/`unchecked{i++}` when it is not possible for them to overflow, as is the case when used in `for`- and `while`-loops

Use nested `if` statements instead of logical AND (`&&`)