Implied Volatility can be manipulated and takes a long time to recover, which can lead to bad debt

Oracle.sol: manipulation via increasing Uniswap V3 pool observationCardinality

Borrower.sol: Health check uses stale liabilities

governor can permanently prevent withdrawals in spite of being restricted

Couriers can be cheated out of earning fees due to frontrunning

Lender.sol: Incorrect rewards accounting for RESERVE address in _transfer function

Oracle.sol: observe function has overflow risk and should cast to uint256 like Uniswap V3 does

Theft of collateral tokens with fewer than 18 decimals

Anyone can burn **DecentralizedStableCoin** tokens with `burnFrom` function

BalancedVault.sol: loss of funds + global settlement flywheel / user settlement flywheels getting out of sync

Missing Sequencer Uptime Feed check can cause unfair liquidations on Arbitrum

ChainlinkAggregator: binary search for roundId does not work correctly and Oracle can even end up temporarily DOSed

Payoff definitions that can cross zero price are not supported

BalancedVault.sol: Early depositor can manipulate exchange rate and steal funds

BalancedVault.sol: claim can be impossible due to unsigned integer underflow

MarginTrading.sol: Missing flash loan initiator check allows attacker to open trades, close trades and steal funds

MarginTrading.sol: The whole balance and not just the traded funds are deposited into Aave when a trade is opened

Staking, unstaking and rebalanceToWeight can be sandwiched (Mainly rETH deposit )

Reth.sol: Withdrawals are unreliable and depend on excess RocketDepositPool balance which can brick the whole protocol

`WstEth` derivative assumes a ~1=1 peg of stETH to ETH

Price of sfrxEth derivative is calculated incorrectly

Users can fail to unstake and lose their deserved ETH because malfunctioning or untrusted derivative cannot be removed

DoS due to external call failure

Missing derivative limit and deposit availability checks will revert the whole `stake()` function

Carousel: enlistInRollover function sets wrong rollover queue index in the case of updating an existing rollover which bricks the rollover functionality

Carousel: minting ERC1155 performs callback which can cause revert and brick rollover queue and deposit queue which leads to complete loss of funds in the deposit queue

Carousel: When a rollover is delisted it can prevent another rollover from being processed

Carousel.mintRollovers function loses all profit when rolling over

Carousel: Deposit fee can be bypassed

ControllerPeggedAssetV2: `triggerEndEpoch` function can be called even if epoch is null epoch leading to loss of funds

VaultFactoryV2.changeTreasury function does not set correct treasury

VaultV2: `epochHasNotStarted` and `epochHasStarted` modifiers are not well-defined which can lead to loss of user funds

VaultV2: Ongoing epoch can be managed by non-whitelisted controller

Carousel: emission tokens are lost if epoch has no deposits (NULL epoch)

Carousel.mintRollovers function: relayerFee that is subtracted from assets is too high

ControllerPeggedAssetV2: outdated price may be used which can lead to wrong depeg events

Protocol breaks with collateral that does not have 18 decimals

Missing input validation for _rewardProportion parameter allows keeper to escalate his privileges and pay back all loans

SwapHandler.sol: Check that collateral token cannot be swapped is insufficient for tokens with multiple addresses

BaseVault: liquidationSurcharge amount is too high if collateralToLiquidate gets capped

HatsSignerGateBase: signers can add / remove / swap signers which bypasses the HSG logic and can lead to multiple bad outcomes including DOS and increased control over Safe

HatsSignerGateBase: valid signer threshold can be bypassed because HSG checks signatures differently from Safe which allows exploitation

HatsSignerGate + MultiHatsSignerGate: more than maxSignatures can be claimed which leads to DOS in reconcileSignerCount

HatsSignerGateBase: reconcileSignerCount function might set threshold too high

Safe can no longer execute transactions when module other than HatsSignerCreate enables a module

Signers can backdoor the Safe by swapping modules to execute any transaction in the future without consensus

HatsSignerGateBase: _removeSigner function may revert so it is not possible to remove a signer

Hats.sol: linkedTreeRequests entry should be deleted when unlinking

Hats.uri function can be DOSed by providing large details or imageURI string or cause large gas fees

Hats.balanceOfBatch returns wrong result

HatsSignerGateFactory: Should revert if there are more than 5 existing modules

Attacker can deposit and refund NFT which leads to DOS in claim functionality

Attacker can fund bounty with malicious ERC20 and block payouts

Unbounded loop in BounyCore.getLockedFunds function leads to DOS in DepositManagerV1.refundDeposit function

Anybody can fund bounty with worthless NFTs thereby not allowing any further NFT funding

When tokenAddresses set has reached TOKEN_ADDRESS_LIMIT, tokens that are contained in the tokenAddresses set cannot be used for funding

Remaining funds cannot be refunded after partial refund

Protocol fees can be withdrawn multiple times in `Erc20Quest`

Funds can be stuck due to wrong order of operations

Users may not claim Erc1155 rewards when the Quest has ended

User may loose rewards if the receipt is minted after quest end time

Drips that end after the current cycle but before its creation can allow users to profit from squeezing

Use safe ERC20 operations

Cooler: roll function should set `loan.rollable` to `false` when called

Cooler: repay function can be front-run so borrowers transaction reverts

Cooler: loan should start out not rollable

Basket range formula is inefficient, leading the protocol to unnecessary haircut

RecollateralizationLib: Dust loss for an asset should be capped at its low value

BackingManager: rTokens might not be redeemable when protocol is paused due to missing token allowance

attacker can prevent vesting for a very long time

BackingManager: rsr is distributed across all rsr revenue destinations which is a loss for rsr stakers

BasketHandler: Users might not be able to redeem their rToken when protocol is paused due to refreshBasket function

StRSR: seizeRSR function fails to update rsrRewardsAtLastPayout variable

PerpDepository: rebalance function is unusable with sqrtPriceLimitX96 parameter unequal 0 (slippage protection cannot be enabled)

If a user approves USDC to PerpDepository, anyone can call rebalance and rebalanceLite

PerpDepository: _rebalanceNegativePnlWithSwap function deposits USDC amount denominated in 1e18 to vault

PerpDepository: user can lose funds in _rebalanceNegativePnlLite function due to partial order execution

PerpDepository: getDebtValue function uses wrong formula to calculate result

Borrowers may earn auction proceeds without filling the debt shortfall

PaprController.buyAndReduceDebt: msg.sender can lose paper by paying the debt twice

`PaprController` pays swap fee in `buyAndReduceDebt`, not user

Grieving attack by failing user's transactions

MinipoolManager: node operator can avoid being slashed

Hijacking of node operators minipool causes loss of staked funds

node operator is getting slashed for full duration even though rewards are distributed based on a 14 day cycle

AVAX Assigned High Water is updated incorrectly

TokenggAVAX: maxDeposit and maxMint return wrong value when contract is paused

MinipoolManager: recordStakingError function does not decrease minipoolCount leading to too high GGP rewards for staker

wrong reward distribution between early and late depositors because of the late syncRewards() call in the cycle, syncReward() logic should be executed in each withdraw or deposits (without reverting)

slashing fails when node operator doesn't have enough staked `GGP`

State Transition: Minipools can be created using other operator's AVAX deposit via recreateMinipool

Inflation rate can be reduce by half at most if it get called every 1.99 interval.

Bypass `whenNotPaused` modifier

`requireNextActiveMultisig` will always return the first enabled multisig which increases the probability of stuck minipools

Coding logic of the contract upgrading renders upgrading contracts impractical

Malicious user can steal all assets in BondNFT

Lock.sol: assets deposited with Lock.extendLock function are lost

Not enough margin pulled or burned from user when adding to a position

`safeTransferMany()` doesn't actually use safe transfer

`executeLimitOrder()` modifies open-interest with a wrong position value

Unreleased locks cause the reward distribution to be flawed in BondNFT

Lock.sol: claimGovFees function can cause assets to be stuck in the Lock contract

`LPDA` price can underflow the price due to bad settings and potentially brick the contract

`saleReceiver` and `feeReceiver` can steal refunds after sale has ended

Sale contracts can be bricked if any other minter mints a token with an id that overlaps the sale

Creator can still "cancel" a sale after it has started by revoking permissions in `OpenEdition` contract

Escher721 contract does not have setTokenRoyalty function

Use of `payable.transfer()` Might Render ETH Impossible to Withdraw

Vault_Synths: false calculation of USD debt allows under-collateralized loans

Depositor.sol: Funds can be withdrawn from any Depositor contract leading to loss of rewards and funds

Depositor.sol: Allowing withdrawals when Depositor is approved is unsafe and can lead to loss of funds

Virtual price is not updated correctly which leads to less interest that needs to be paid