The `amountIn` parameter of the `StableExchange` event is not always correct

`PALMERA_TX_TYPEHASH` incorrectly calculated

Gas report

Gas Report

Code Refactor - Gas Report

GAS REPORT

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

Auction winner can prevent payments via `safeTransferFrom` callback

Artist signatures can be forged to impersonate the artist behind a collection

Auction payout goes to AuctionDemo contract owner, not the token owner

Residual ETH unreachable and unuitilized in SafEth.sol

Stuck ether when use function `stake` with empty `derivatives`(`derivativeCount` = 0)

Collateral NFT deposited to a wrong address, when transferred directly to `PaprController`

reentrancy attack during mint() function in Position contract which can lead to removing of the other user's limit orders or stealing contract funds because initId is set low value

Incorrect Assumption of Stablecoin Market Stability

Front-running to nonce orders signatures

Possible DoS in deposit USDC queue

Anyone can steal `AMMToken` from **Depositer** contract

Use `safeTransfer`/`safeTransferFrom` instead of `transfer`/`transferFrom` for ERC20 transfer

GiantLP with a transferHookProcessor cant be burned, users' funds will be stuck in the Giant Pool

Incorrect accounting in SyndicateRewardsProcessor results in any LP token holder being able to steal other LP tokens holder's ETH from the fees and MEV vault.

Possibly reentrancy attacks in `_distributeETHRewardsToUserForToken` function

StandardPolicyERC1155.sol returns amount == 1 instead of amount == order.amount

Direct theft of buyers ETH funds.

Protocol can be easily rug-pulled by the owner

Yul `call` return value not checked

StandardPolicyERC1155.sol returns amount == 1 instead of amount == order.amount

Direct theft of buyers ETH funds.

Protocol can be easily rug-pulled by the owner

Yul `call` return value not checked

frxETHMinter.depositEther may run out of gas, leading to lost ETH

sfrxETH: The volatile result of previewMint() may prevent mintWithSignature from working

not able to create claim

Griefing attack on the Vaults is possible, withdrawing the winning side stakes

Use can get unlimited votes

Anyone can create disputes if `contractor` is not set

VotingEscrow's merge and withdraw aren't available for approved users

Wrong `DOMAIN_TYPEHASH` definition

Voting tokens may be lost when given to non-EOA accounts

No cap on fees can result in a DOS in BathToken.withdraw()

Admin rug vectors

Wrong DOMAIN_SEPARATOR

The check for value transfer success is made after the return statement in _withdrawFromYieldPool of LidoVault

Possible lost msg.value