Potential Unbacked Fee During Redemption

Malicious actors can dilute the staking rewards to a longer timeframe

Wrong check in VestingPlan::_resetVestingPlans limits amount that can be set when resetting vesting

Token unwhitelist is not handled properly

MergeTgt has no handling if TGT_TO_EXCHANGE is exceeded during the exchange period

Improper Transfer Restrictions on Non-Bridged Tokens Due to Boolean Bridged Token Tracking, Allowing a DoS Attack Vector

The calculation of `totalAssets()` could be wrong if `operatorFeeAmount` > 0, this can cause potential loss for the new depositors

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

If a reward is paused in the whitelist, all users who interact with the staking pool will forever lose claim to that paused reward and the reward is locked in the contract even when unpaused

AutoCompoundingLp::_processRewardsToPodLp doesnt claim unclaimed rewards from TokenRewards before processing rewards to asset

maxSwap is an insufficient solution to the asptkn donation issue

Auctions can never be completed

Malicious users with small bids can blacklist themselves from the coupon token(usdc) to prevent their bid from being removed when bidcount > maxbids

Users still have claim to tokens on a period even if the auction for that period failed

if share per token is ever changed, it could cause a mismatch of state

Pyth oracle does not validate the freshness of price

Users can claim more that their actual allotment

Reentrancy in contracts would allow malicious to steal tokens and also cancel another users order

A user can double spend their tokens by (filling or cancelling) an order then modifying with a decreasePosition

Repeated Cancellation Exploit Using Overlapping orderId in Order Contracts

None use of msg.sender as "from" in ERC20.transferFrom allows malicious to OrderContract(OracleLess.stopLimit)::createOrder griefing users

the publish time in PythOracle::currentValue is not done properly

Minting zero tokens when underlyingToken is not Ether in cashIn()

UsualX::withdraw burns more shares than it takes its equivalent assets in fees

Users can claim only one epoch for a particular distributionID

Incorrect Calculation of fulfillmentAmount leads to less protocolFees being paid

There is insufficient access control on updating an account position

User supply balance is not tracked properly

When accruing to treasury, totalShares is not incremented but it is decremented when withdrawing to treasury

When liquidating debt and collateral amount params are used in shares instead of in amounts

Several functions in the contracts falsely assume the number of decimals being returned by the oracle

Users won't liquidate positions because the logic used to calculate the liquidator's profit is incorrect

Size uses wrong source to query available liquidity on Aave, resulting in borrow and lend operations being bricked upon mainnet deployment

LiquidateWithReplacement does not charge swap fees on the borrower