The user can send tokens to any address by using two bridge transfers, even when transfers are restricted.

MergeTgt has no handling if TGT_TO_EXCHANGE is exceeded during the exchange period

Improper Transfer Restrictions on Non-Bridged Tokens Due to Boolean Bridged Token Tracking, Allowing a DoS Attack Vector

The lock_pool operation can be dos

Last buy might charge the wrong fee

Users can claim more that their actual allotment

`SecondSwap_Marketplace` vesting listing order affects how much the vesting buyers can claim at a given step

Incorrect listing type validation bypasses enforcement of minimum purchase amount

LamboFactory can be permanently DoS-ed due to createPair call reversal

Since the cost of launching a new pool is minimal, an attacker can maliciously consume VirtualTokens.

Malicious actors can front-run and steal token from users.

The `bankBalance` function failed to handle errors correctly.

The NFT in the buyOrder contract will not be transferred to the owner

The fee calculation in extendLoan function has a error

The withdrawal fee is not fully deducted from the total deposits.

Removed addresses should not be able to call archiveProfile(), restoreProfile(), or uninviteUser().

The upgradeable contract lacks a gap

The `allowed_token` account lacks mint account verification.

oapp_lz_receive is missing a user check.

`rebate_info` and `rebate_manager` are unable to sign the CPI call due to an incorrect implementation of the `seeds` function

Allow anyone to create new Wooracles and Woopools

Anyone can call `claimRoyalties` in `InfernalRiftBelow` contract

Excess eth will not be returned during initialization of initialize collection

Malicious actors can manipulate the `cross_chain_callback` callback

There is no refund mechanism in `ChakraSettlement.processCrossChainCallback` or `ChakraSettlementHandler.receive_cross_chain_callback` function

Inconsistent Handler Validation Behavior in Cairo ERC20Handler's Cross-Chain Callback

Anyone can manipulate user nonce (nonce_manager) in settlement contract

In settlement.cairo::receive_cross_chain_msg - the message will always be marked with Status::SUCCESS

The LockMint and BurnUnlock modes cannot be used

SettlementSignatureVerifier is missing check for duplicate validator signatures

In Starknet already processed messages can be re-submitted and by anyone

Invalid token address used in `ChakraSettlementHandler::cross_chain_erc20_settlement(...)` leading to invalid transaction creation and event emission

Does not check if to_chain and to_handler is whitelisted in cross_chain_erc20_settlement

The receive_cross_chain_msg function has potential replay attack risks.

Missing `lower<upper` check in `mint_position`

update_emergency_council_7_D_0_C_1_C_58() updates nft manager instead of emergency council

Parameter Misordering in Fee Collection Function Causes Denial of Service and Fee Loss

If liquidity is insufficient, users may need to pay more tokens in swap2

`decrPosition09293696` will not work due to incorrect function signature

No related function to set fee_protocol

An attacker can immediately cancel the raffle

The attacker can prevent the winner and the administrator from withdrawing funds from the prize pool.

The Winnables administrator can prevent the winner from claiming the prize.

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

TokenManager - Unlimited withdraw

Native token withdrawal fails until manually approved

`WellUpgradeable` can be upgraded by anyone

Number of entities in generation can surpass the 10k number

Potential Uninitialized `entropySlots` Reading in `getNextEntropy`, Causing 0 Entropy Mint

There is no slippage check in the `nuke()` function.

Forger Entities can forge more times than intended

Failure to Update Dirty Flag in transferToUnoccupiedPlot Prevents Reward Accumulation On Valid Plot

in `farmPlots()` an underflow in edge case leading to freeze of funds (NFT)

[H-01] Miscalculation in `_farmPlots` function could lead to a user unable to unstake all NFTs

Invalid validation in _farmPlots function allowing a malicious user repeated farming without locked funds

Players can gain more NFTs benefiting from that past remainder in subsequent locks

Inadequate Checking of `isIncreasing` when trader adjusts position size

Market Disruption and Financial Loss Post-Liquidation

Most users won't be able to claim their share of Uniswap fees

Fragmentation fee is not taken if user compensates with newly created position

Multicall does not work as intended

ThorChain will be informed wrongly about the unsuccessful ETH transfers due to the incorrect events emissions

Due to the use of `msg.value` in for loop, anyone can drain all the funds from the `THORChain_Router` contract

Vaults can become immune from liquidation by setting `vault.recipient` to a blacklisted quote token address

Chainlink's `latestRoundData` might return stale or incorrect results

Failure to Update Dirty Flag in transferToUnoccupiedPlot Prevents Reward Accumulation On Valid Plot

in `farmPlots()` an underflow in edge case leading to freeze of funds (NFT)

[H-01] Miscalculation in `_farmPlots` function could lead to a user unable to unstake all NFTs

Invalid validation in _farmPlots function allowing a malicious user repeated farming without locked funds

Players can gain more NFTs benefiting from that past remainder in subsequent locks

Availability of deposit invariant can be bypassed

`executeWithdraw` may be blocked if any of the users are blacklisted from the `baseToken`

`NoyaValueOracle.getValue` returns an incorrect price when a multi-token route is used

In Dolomite, when opening a borrow position, the holding position in the Registry will never be updated due to the removePosition flag being set to true

Withdrawals in AccountManager are prone to DOS attacks.

Attacker can increase the length of `withdrawQueue` by withdrawing 0 amount of tokens frequently

Incorrect modifier condition

`maxDeposit`, `maxMint`, `maxWithdraw`, and `maxRedeem` functions do not return 0 when they should

Noya is not compatible with tokens whose balance changes outside of transfers causing funds to get stuck in the contract

`depositQueue.queue` in `AccountingManager` can be flooded causing a DoS

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

Design flaw and mismanagement in vault licensing leads to double counting in collateral ratios and positions collateralized entirely with kerosine

Users can get their Kerosene stuck until TVL becomes greater than Dyad's supply

Unable to withdraw Kerosene from `vaultmanagerv2::withdraw` as it expects a `vault.oracle()` method which is missing in Kerosene vaults

Holders array can be manipulated by transferring or burning with amount 0, stealing rewards or bricking certain functions

Malicious user can stake an amount which causes zero curStakeAtRisk on a loss but equal rewardPoints to a fair user on a win

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

NFTs can be transferred even if StakeAtRisk remains, so the user's win cannot be recorded on the chain due to underflow, and can recover past losses that can't be recovered(steal protocol's token)

Minter / Staker / Spender roles can never be revoked`..,