Panic when decoding a malformed deposit transaction JSON string

WithdrawFacet's withdraw calls native payable.transfer, which can be unusable for DiamondStorage owner contract

Should prevent users from sending more native tokens in the `startBridgeTokensViaCBridge` function

DexManagerFacet: batchRemoveDex() removes first dex only

cBridge integration fails to send native tokens

Anyone can get swaps for free given certain conditions in `swap`.

Lack of access control on `assertGovernanceApproved` can cause funds to be locked

Double transfer in the `transferAndCall` function of `ERC677`

LP pricing formula is vulnerable to flashloan manipulation

Logic error in `burnFlashGovernanceAsset` can cause locked assets to be stolen

Calling `generateFLNQuote` twice in every block prevents any migration

Lack of access control in the `parameterize` function of proposal contracts

Tolerance is not enforced during a flash governance decision

Incorrect accounting on transfer-on-fee/deflationary tokens in `Gravity`

Lack of sufficient power check in `updateValset` of `Gravity`

Unchecked ERC20 transfers can cause lock up

anyone can call function sponsor

Function `foreclosureTimeUser` returns a shorter user's foreclosure time than expected

RCFactory.createMarket() does not enforce _timestamps[1] and _timestamps[2] being larger than _timestamps[0], even though proper functioning requires them to be so

Exchange rates from Compound are assumed with 18 decimals

Use `safeTransfer` instead of `transfer`

Users could shift tokens on `Staker` with more than he has staked

copy paste error in _batchConfirmOutstandingPendingActions

latestMarket used where marketIndex should have been used

Use of safeApprove will always cause approveMax to revert

Inconsistent balance when supplying transfer-on-fee or deflationary tokens

Incorrect internal balance bookkeeping

Flash loan manipulation on `getPoolShareWeight` of `Utils`

Pool.sol & Synth.sol: Failing Max Value Allowance

Result of transfer / transferFrom not checked

Missleading onlyDAO modifiers

Improper access control of `claimAllForMember` allows anyone to reduce the weight of a member

Dao.sol: Insufficient validation for proposal creation

activeTransactionBlocks are vulnerable to DDoS attacks

Approval is not reset if the call to IFulfillHelper fails

Router liquidity on receiving chain can be double-dipped by the user

Signatures use only tx ID instead of entire digest

safeTransferFrom in TransferHelper is not safeTransferFrom

Chainlink - Use latestRoundData instead latestAnswer to run more validations

`Buoy3Pool.safetyCheck` is not precise and has some assumptions

sortVaultsByDelta doesn't work as expected

Use of deprecated Chainlink function `latestAnswer`

Wrong trading pricing calculations

No check transferFrom() return value

Use of deprecated Chainlink API

User could lose underlying tokens when redeeming from the `IdleYieldSource`

Return values of ERC20 `transfer` and `transferFrom` are unchecked

SafeMath not completely used in yield source contracts

Using `transferFrom` on ERC721 tokens

Unchecked ERC20 transfers can cause lock up

anyone can call function sponsor

Function `foreclosureTimeUser` returns a shorter user's foreclosure time than expected

RCFactory.createMarket() does not enforce _timestamps[1] and _timestamps[2] being larger than _timestamps[0], even though proper functioning requires them to be so

User can redeem more tokens by artificially increasing the chi accrual

Possible DoS attack when creating `Joins` in `Wand`

Users can avoid paying borrowing interest after the fyToken matures

Locked funds from tokenization are credited twice to user leading to protocol fund loss

`Withdrawable.withdraw` does not decrease `pendingWithdrawals`

Incorrect implementation of arctan in the contract `FairSideFormula`

Incorrect type conversion in the contract `ABC` makes users unable to burn FSD tokens

Incorrect use of _addTribute instead of _addGovernanceTribute

Should check return data from Chainlink aggregators

The variable `fShareRatio` is vulnerable to manipulation by flash minting and burning

Unbounded loop in `_removeNft` could lead to a griefing/DOS attack

Unchecking the ownership of `mph` in function `distributeFundingRewards` could cause several critical functions to revert

Missing nonReentrant in swapTo

Use safeTransfer/safeTransferFrom consistently instead of transfer/transferFrom

Missing access restriction on `lockUnits/unlockUnits`

Users may unintendedly remove liquidity under a phishing attack.

Allowing duplicated anchors could cause bias on anchor price.

Bypass or reduction on the lockup period of Pool FDTs.