Multiple Delegation by Double Spending Boosts and Lack of Delegation Tracking in BoostController Contract

Reward manipulation vulnerability in StabilityPool

Users Can Lose Funds and Collateral by Repaying Loans After Liquidation Grace Period Expiry

Indefinite Extension of Delegation in function delegateBoos() in BoostController.sol

quantAMMSwapFeeTake used for both getQuantAMMSwapFeeTake and getQuantAMMUpliftFeeTake.

Missing Router Update Mechanism in StrategyMainnet Contract

Old router retains token allowance after update

Users can claim more that their actual allotment

Missing Signature Expiry Enables Perpetual Transaction Validity.

Remove splitter will always revert if there are some rewards left on splitter contract

Griefer can permanently DOS all the deposits to the `StakingPool`

Wrong value emitted in Withdraw event

Token withdrawal fails until someone manually approves spending

[Low-01] Missing Access Control in `CapitalPool::approve()` Function Allows any User to call it to set Allowance Amount `TokenContract` to `type(uint256).max`.

Missing access control on UTB:receiveFromBridge allows UTB swaps to be executed without spending bridge fees while bypassing fee/swap instruction signature verification

Protocol and referral fee would be permanently stuck in the Curves contract when selling a token

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

Missing deadline check allow pending transactions to be maliciously executed

Fees are hardcoded to 3000 in ExactInputSingleParams

SINGLE STEP OWNERSHIP TRANSFER PROCESS

Accidental `renounceOwnership()` call can disrupt key operations in multiple contracts.

Lack of storage gap in SDLPool.sol can lead to upgrade storage slot collision.

Attacker can reenter to mint all the collection supply

Wrong hardcoded PnL factor is used in all GMXVault add liquidity operations

Transfer Limit of UNI Tokens May Lead to a DoS and Token Loss Risk

Constructor of `Escrow` should make sure that `buyer`, `seller`, `arbiter` are different from each other.

Contract Can Be Deployed Without Funds.

Position NFT can be spammed with insignificant positions by anyone until rewards DoS