_revokeRole doesn't remove account from roleMember set

Chainlink's latestRoundData might return stale or incorrect results

`call()` should be used instead of `transfer()` on an `address payable`

FlywheelCore's setFlywheelRewards can remove access to reward funds from current users

Chainlink's latestRoundData might return stale or incorrect results

StakedCitadel doesn't use correct balance for internal accounting

StakedCitadel: wrong setupVesting function name

New vest reset `unlockBegin` of existing vest without removing vested amount

Existing user’s locked JPEG could be overwritten by new user, causing permanent loss of JPEG funds

`StrategyPUSDConvex.balanceOfJPEG` uses incorrect function signature while calling `extraReward.earned`, causing the function to unexpectedly revert everytime

Controller: Strategy migration will fail

The noContract modifier does not work as expected.

Chainlink pricer is using a deprecated API

`_execute` can potentially reorder a batch of commands while executing, breaking any assumptions on command orders.

`Comptroller._setUniV3LpVault` will always cause in-use uniswapV3 positions to become stuck in `UniV3LpVault`

Dysfunctional `CToken._acceptAdmin` due to lack of function to assign `pendingAdmin`

Arbitrary contract call within `UniV3LpVault._swap` with controllable `swapPath`

currentLoanOwner can manipulate loanInfo when any lenders try to buyout

When an attacker lends to a loan, the attacker can trigger DoS that any lenders can not buyout it

Setting new buffer does not reduce current buffer to cap

`vcon` address change not persistent across protocol components

Splitter: Anyone can call incrementWindow to steal the tokens in the contract

CoreCollection can be reinitialized

`CoreCollection.setRoyaltyVault` doesn't check `royaltyVault.royaltyAsset` against `payableToken`, resulting in potential permanent lock of `payableTokens` in royaltyVault

Past state query results are susceptible to manipulation due to multiple states with same block number

https://github.com/sublime-finance/sublime-v1/blob/46536a6d25df4264c1b217bd3232af30355dcb95/contracts/PooledCreditLine/LenderPool.sol#L404-L406

Reliance on lifiData.receivingAssetId can cause loss of funds

Swap functions are Reenterable

`AnyswapFacet` can be exploited to approve arbitrary tokens.

[WP-H7] Infinite approval to an arbitrary address can be used to steal all the funds from the contract

cBridge integration fails to send native tokens

Anyone can get swaps for free given certain conditions in `swap`.

`msg.value` is Sent Multipletimes When Performing a Swap

First depositor can break minting of shares

Market expiry behaviour differs in implementation and documentation

Incorrect strike price displayed in name/symbol of qToken

Mint spread collateral-less and conjuring collateral claims out of thin air with implicit arithmetic rounding and flawed int to uint conversion

Processes refinance operations may call malicious code by re-created refinancer contract