Out-of-Bounds Array Access in `_calculateQuantAMMVariance` with Odd Number of Assets and Vector Lambda

Fee Evasion via LP Token Transfer Resets Deposit Value

Loss of Fees for Router `UpliftOnlyExample` due to Division Rounding in Admin Fee Calculation, Causing Unfair Fee Distribution

Owner fee will be locked in `UpliftOnlyExample` contract due to incorrect recipient address in `UpliftOnlyExample::onAfterSwap`

GradientBasedRules will not work for >=4 assets with vector lambdas

fees sent to QuantAMMAdmin is stuck forever as there is no function to retrieve them

“Uplift Fee” Incorrectly Falls Back to Minimum Fee Due to Integer Division

Transferring deposit NFT doesn't check if the receiver exceeds the 100 deposit limit

Users transferring their NFT position will retroactively get the new `upliftFeeBps`

Inconsistent timestamp storage when the LPNFT is transferred.

missing implementation for a function to change upliftFee

Incorrect Total Assets Calculation in _harvestAndReport Leading to Share Value Manipulation and Irredeemable Assets

not adding `claimable` balance to the total assets in `_harvestAndReport` can cause losses.

Inflated `totalAssets` in `StrategyMainnet`, `StrategyArb`, and `StrategyOp` Contracts

Users can claim more that their actual allotment

In `transferVesting`, the `grantorVesting.releaseRate` is calculated incorrectly, which leads to the sender being able to unlock more tokens than were initially locked.

Underflow in `claimable` DOSing `claim` Function

Cancel doesn't remove orders mappings, allowing attacker to modify it to extract funds again

in oracleLess, attacker can create two orders in same block to steal funds

cross function reentrency to cause loss of funds to user by malicious `target`

users that gave approvals to `stopLimit` contract can be drained

Attacker can use malicious token with hook in `oracleLess` to cause loss of funds to users

attacker can dos the time sensetive `fillStopLimitOrder::stopLimit`

wrong logical operator in `PythOracle` Forcing Stale prices only

`SablierFlowBase` Lacks `EIP-165` Compliance for `EIP4906` Interface Support

users can't claim his rewards of epochs with the same distributionId

relisting previously liquidated NFT will cause loss of funds to new owner

reserving a previously liquidated Token will cause loss of funds to new owner

`Listings::reserve()` doesn't delete reserved listings causing integration issue

Voters lose their tokens due to misconfiguration in `cancel` function

Malicious Whale can cause Loss of Fees of LP Providers

User Initializing a Pool will have his funds stuck

Owner of Bridged ERC1155 Royalties can't claim them

Attacker can frontrun large fee deposits from `fillListing`

Malicious user can prevent `lockerManager` from executing `CollectionShutdown` function

Malicious user can bypass execution of `CollectionShutdown` function

EdgeCase in `CollectionShutdown` leading to funds being stuck.

Malicious Whale can manipulate `totalsupply` to liquidate or illiquidate a liqudiateable listing

Broken core contract functionality `UniswapImplementation::setFeeExemption` making `exemptionFee` is never useable

User extra funds during Pool initializtion would be stuck in `UniswapImplementation`

discrepancies between the spec and the code 'redeem mTBILL for USDC pulled from BUIDL' Edge case

in `farmPlots()` an underflow in edge case leading to freeze of funds (NFT)

[H-01] Miscalculation in `_farmPlots` function could lead to a user unable to unstake all NFTs

Invalid validation in _farmPlots function allowing a malicious user repeated farming without locked funds