AaveDIVAWrapper can't receive permissioned long and short tokens

The Deleverage Will apply twice on market USDtoken minting

Vaults weth reward is not distributed correctly

Incorrect Array Length Parameters in Error Message for Deposit and Redeem Fees Validation

CurveAdapter uses non-existent exchange_with_best_rate() method, breaking fee conversion on Arbitrum.

Out-of-Bounds Array Access in `_calculateQuantAMMVariance` with Odd Number of Assets and Vector Lambda

GradientBasedRules will not work for >=4 assets with vector lambdas

Transferring deposit NFT doesn't check if the receiver exceeds the 100 deposit limit

Getting data from pool can be reverted when one of the oracle is not live

Incorrect implementation of QuantammMathGuard.sol#_clampWeights.

Inconsistent timestamp storage when the LPNFT is transferred.

Incorrect Total Assets Calculation in _harvestAndReport Leading to Share Value Manipulation and Irredeemable Assets

Old router retains token allowance after update

Inconsistent Shutdown Enforcement Allows Asset Deployment Post-Shutdown

Incorrect listing type validation bypasses enforcement of minimum purchase amount

Minting zero tokens when underlyingToken is not Ether in cashIn()

Since the cost of launching a new pool is minimal, an attacker can maliciously consume VirtualTokens.

`LamboRebalanceOnUniswap::_getTokenInOut` formula used to compute rebalancing amount is wrong for a UniV3 pool

`FjordAuction` incorrect `block.timestamp` check allows users to bid after calling `auctionEnd` to claim more tokens than they should

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

TokenManager - Unlimited withdraw

`DeliveryPlace::settleAskTaker` Has Incorrect Access Control

The `DeliveryPlace::settleAskTaker()` function mistakenly uses `makerInfo.tokenAddress` to update the `TokenBalanceType.PointToken` in the `userTokenBalanceMap` mapping, leading to a critical error.

Unexpected protocol behavior because of some tokens have implementations only on part of the target chains

Soil issuance is computed incorrectly if `twaDeltaB` is negative while `instDeltaB` is positive.

Ignoring `caseId`value when season is below peg

Ignoring the Well Function logic for a ratio of reserves calculation

Using bytes number instead of slots number in the next slot calculation

Design flaw and mismanagement in vault licensing leads to double counting in collateral ratios and positions collateralized entirely with kerosine

Kerosene collateral is not being moved on liquidation, exposing liquidators to loss

Attacker Can Frontruns User's Withdrawals To Make Them Reverts Without Costs

No incentive to liquidate small positions could result in protocol going underwater

Value of kerosene can be manipulated to force liquidate users

Incorrect deployment / missing contract will break functionality

The liquidator can receive an unexpected huge amount of rewards

Reward distribution can be frontrun or sandwich attacked

Holders array can be manipulated by transferring or burning with amount 0, stealing rewards or bricking certain functions

FighterFarm:: reroll won't work for nft id greator than 255 due to input limited to uint8

DoS in `MergingPool::claimRewards` function and potential DoS in `RankedBattle::claimNRN` function if called after a significant amount of rounds passed.

The `editPool()` lacks a sanity check on the `payoutStart` parameter leading to incorrect or unfair reward distributions

8 lows for mocks

Unexpected revert at the `castVoteInternal` function

Users can deposit zero values

The number of deposits for future rounds may exceed `MAXIMUM_NUMBER_OF_DEPOSITS_PER_ROUND`

Looping over unbounded `pendingStakes` array can lead to permanent DoS and frozen funds

swap fees going to the liquidation pool manager contract will be accounted for as part of the liquidation amount

Removing assets in the `TokenManager` leads to major issues

CultureIndex.sol#dropTopVotedPiece() - Malicious user can manipulate topVotedPiece to DoS the whole CultureIndex and AuctionHouse

DoS of the current auction settlement due to inaccurate calculation of rewards

Incorrect vesting allocations clearing when the list of allocations updating

Unexpected revert at the `delegateMgCvg` and `delegateVeCvg` when delegation removal

Owner cannot withdraw all interest due to wrong calculation of accrued interest in WithdrwaCarry

No slippage protection for Market functions

Single host can unfairly skip veto period for proposal that does not have full host support

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

Attacker can reenter to mint all the collection supply

Users have no option to heal agents with probability 99 percents

`GMXVault` can be blocked by a malicious actor

Yield in trove is lost when closing a strategy vault

The `afterWithdrawChecks` applies only if user wants to withdraw in tokenA/B

Users withdraw more assets than should when `mintFee` was called long ago

The protocol will mint unnecessary fees if the vault is paused and reopened later.

Incorrect depositable shortToken amount calculation in Delta neutral vaults

Inaccurate Fee Due to missing lastFeeCollected Update Before feePerSecond Modification

The `svTokenValue` function can return overestimated value of each strategy vault share token

Malicious users can front-run to cause a denial of service (DoS) for StakedUSDe due to MinShares checks

QVSimpleStrategy: unlimited voting is possible

Fee-on-transfer tokens are not supported

QVBaseStrategy: incorrect calculation in voice credits allocation

RFPSimpleStrategy: submitting proposal will always revert

RFPSimpleStrategy: fail in distributing the upcoming milestone

All bridged funds will be lost for the users using the account abstraction wallet

The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP

The peg stability module can be compromised by forcing lowerDepeg to revert.

The RdpxV2Core contract allows anyone to call redeem tokens even if the contract is paused.

Lack of Balance Validation

The same signature can be used in different `distribution` implementation causing that the caller who owns the signature, can distribute on unauthorized implementations

Double-spending vulnerability leads to a disruption of the DSC token

Precision loss when calculating the health factor

Double checks

Spelling errors

Fixed `i_arbiterFee` can prevent payment

Typos

Malicious user can steal other user's deposits from Vault.sol

Vault does not conform to ERC4626

Pumps are not updated in the shift() and sync() functions, allowing oracle manipulation

It's possible to borrow, redeem, transfer tokens and exit markets with outdated collateral prices and borrow interest

It is impossible to slash queued withdrawals that contain a malicious strategy due to a misplacement of the ++i increment

Staking, unstaking and rebalanceToWeight can be sandwiched (Mainly rETH deposit )