Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

Kerosene collateral is not being moved on liquidation, exposing liquidators to loss

Users can get their Kerosene stuck until TVL becomes greater than Dyad's supply

Unable to withdraw Kerosene from `vaultmanagerv2::withdraw` as it expects a `vault.oracle()` method which is missing in Kerosene vaults

Attacker can frontrun to prevent vaults from being removed from the dNFT owner's position

Incorrect deployment / missing contract will break functionality

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

Since you can reroll with a different fighterType than the NFT you own, you can reroll bypassing maxRerollsAllowed and reroll attributes based on a different fighterType

Player can mint more fighter NFTs during claim of rewards by leveraging reentrancy on the `claimRewards() function `

Fighters cannot be minted after the initial generation due to uninitialized `numElements` mapping

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

FighterFarm:: reroll won't work for nft id greator than 255 due to input limited to uint8

RFPSimpleStrategy#_registerRecipient would always revert if useRegistryAnchor initialized with true

Anchor would not be able to hold soulbound NFTs as expected

Paying fees could be avoided when in the fundPool function

Using slot0 data could lead to price manipulations

Missing deadline protection on deposit/withdraw

Oracle update could be sandwiched

DOS of withdrawing assets if IP does not have enough reserves

Oracles would not work on L2s

Missing sanity check on Chainlink return data

Missing checks for active sequencer in L2s oracle

Incorrect hardcoded oracles addresses

Wrong decimal number on DAI/ETH Chainlink priceFeed

Incorrect order of calculation in DAI oracle

Incorrect check in SellUSSDBuyCollateral function

Missing onlyBalancer modifier

Missing deadline and slippage protection on UniV3SwapInput

getOwnValuation function would overflow on a high sqrtPriceX96 value

Missing sanity checks on chainlink priceFeeds

Wrong calculation in WBTC oracle

Missing redeem function

Not checking if the L2 sequencer is down during the call to Chainlink feeds

Use of deprecated Chainlink function - latestAnswer()

executeOperation() does not check that initiator of flash-loan is the user

Incorrect `blocksPerYear` constant in `WhitepaperInterestRateModel`

DOS attack prevents refunding previous bid in Shortfall.sol and malicious bidder always wins the auction

Buyer of the club could be front-runned by the club seller during trade

Previous owner of the club could steal club inventory

safeMint in FootiumClub is not "safe"

Use safeTransfer consistently instead of transfer

It is impossible to slash queued withdrawals that contain a malicious strategy due to a misplacement of the ++i increment

Risk of silent overflow in reserves update

PrivatePool owner can steal all ERC20 and NFT from user via arbitrary execution

`Factory.create`: Predictability of pool address creates multiple issues.

Malicious royalty recipient can steal excess eth from buy orders

Loss of funds for traders due to accounting error in royalty calculations

Royalty recipients will not get fair share of royalties

Flash loan fee is incorrect in Private Pool contract

An attacker can steal all tokens of users that use `FeeWrapper`

Calling `Position._marketBuy` and `Position._marketSell` functions that calculate `_fee` by dividing by `10000` can cause incorrect calculations

An attacker can manipulate the preDepositvePrice to steal from other users.

The buyer of the ticket could be front-runned by the ticket owner who claims the rewards before the ticket's NFT is traded

Protocol fees can be withdrawn multiple times in `Erc20Quest`

User may loose rewards if the receipt is minted after quest end time

Incompatibility with fee-on-transfer/inflationary/deflationary/rebasing tokens, on both base tokens and quote tokens, with varying impacts

Reentrancy may allow an admin to steal funds

`fillOrder()` and `exercise()` may lock Ether sent to the contract, forever

Unbounded loops may cause `exercise()`s and `withdraw()`s to fail

Options with a small strike price will round down to 0 and can prevent assets to be withdrawn

Malicious Token Contracts May Lead To Locking Orders

instantUnstake function can be frontrunned with fee increase

Allowance check always true in ERC5095 redeem

ERC5095 redeem/withdraw does not update allowances

BathToken LPs Unable To Receive Bonus Token Due To Lack Of Wallet Setter Method

Attacker Could Steal Almost All The Bonus Token In BathBuddy Vesting Wallet

No cap on fees can result in a DOS in BathToken.withdraw()

Admin rug vectors

Use `safeTransfer()`/`safeTransferFrom()` instead of `transfer()`/`transferFrom()`