Unauthorized Reallocation in `NudgeCampaign::handleReallocation` and Reward Disruption Vulnerability in `NudgeCampaign::invalidateParticipations`

A user can abuse notifyRewardAmount() and dilute rewards for everyone

Incorrect Token Amount Comparison in updateParticipation() Prevents Users from Decreasing Their Position

The calculation of `totalAssets()` could be wrong if `operatorFeeAmount` > 0, this can cause potential loss for the new depositors

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

Method Auction.endAuction() in auction will always revert due to wrong globalPool() check in Pool contract

Auction settlement affects bond and leverage token creation and redemption in Pool contract

Auction pull reserve tokens from next Auction schedule

BalancerRouter.sol locks excess user funds when PreDeposit.sol hits reserveCap

A user can Blacklist themselves in Auction process when coupon token is USDC

Pool fee is unaccounted when Auction settles

OrderId can be easily overwritten which can be exploited to drain contract

A user can modifyOrder() after the order execution and get the refund as the order status is missing

Anyone can create order on behalf of receiver if the receiver has given extra approval to OracleLess and StopLimit contracts

In OracleLess.createOrder() feeBips value validation is missing

Missing maxPendingOrders check in OracleLess.sol

Method safeApprove() will revert if the allowance of msg.sender is not 0

Remove splitter will always revert if there are some rewards left on splitter contract

`FjordAuction` incorrect `block.timestamp` check allows users to bid after calling `auctionEnd` to claim more tokens than they should

Method refundPlayers doesn't update _lockedETH in WinnableTicketManager

Possible DOS in raffle setup mechanism

RedStoneOracle is not integrated properly

There is no slippage check in the `nuke()` function.

Single plot can be occupied by multiple renters

Failure to Update Dirty Flag in transferToUnoccupiedPlot Prevents Reward Accumulation On Valid Plot

Invalid validation in _farmPlots function allowing a malicious user repeated farming without locked funds

Phantom overflows can lead to unexpected reverts

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

Attacker can reenter to mint all the collection supply

On a Linear or Exponential Descending Sale Model, a user that mint on the last `block.timestamp` mint at an unexpected price.

Bidder Funds Can Become Unrecoverable Due to 1 second Overlap in `participateToAuction()` and `claimAuction()`

Decimal Limitation in CamelotRelayer and UniV3Relayer Contract Deployment

[H-04] Lender#buyLoan - Malicious user could take over a loan for free without having a pool because of wrong access control

Zero address leads to transaction reverts

Lender fails to giveLoan because of inconsistent length between `loadIds` and `poolIds`

Uncheck Arithmetic where overflow/underflow impossible

Zero address check for tokens

`++i`/`i++` should be `unchecked{++i}`/`unchecked{i++}` when it is not possible for them to overflow, as is the case when used in `for`- and `while`-loops

Use nested `if` statements instead of logical AND (`&&`)