Incorrect period used to access an auction.

When redeeming levETH while collateral level is greater than the threshold the redeem rate is compared with bondETH's market rate.

Tokens are not refunded when using BalancerRouter.

Incorrect fee accounting.

DoS of coupon claiming if one of the auction fails.

Every auction can be DoS'ed.

Some price feeds for tokens used in the protocol do not exist.

Attacker can make Pool unusable by dropping totalSupply to 0.

`SecondSwap_Marketplace` vesting listing order affects how much the vesting buyers can claim at a given step

Users can claim more that their actual allotment

`buyFee` And `sellFee` Should Be Known Before Purchase

Tokens that has already been vested can be transferred from a user.

Incorrect referral fee calculations

Rounding error in stepDuration calculations.

Users can prevent being reallocated by listing to marketplace

Creator of one vesting plan can affect vesting plans created by other users.

Liquidator can bypass `_validateSeizedAssetValue()` check seizing all of the position's assets.

Lack of slippage protection during withdrawal in SuperPool and Pool contracts.

Griefing attack on seller's airdrop benefits

Wrong minting logic based on total token count across generations

Forger Entities can forge more times than intended

Pause and unpause functions are inaccessible

NFTs mature too slowly under default settings.

Each generation should have 1 "Golden God" NFT, but there could be 0

TraitForgeNft: Generations without a golden god are possible

Slashing NativeVault will lead to locked ETH for the users

The operator can create a `NativeVault` that can be silently unslashable.

Changing the slashingHandler for NativeVaults will DoS slashing

Airdrop rewards for ITO pariticipants will be diluted.

Staking rewards in ZivoeRewards/ZivoeRewardsVesting can be delayed.

ZVE tokens will get stuck in ZivoeRewardsVesting due to an underflow.

A user can escape paying interest for some of the payment intervals.

OCL_ZVE uses 0% slippage tolerance when adding liquidity.

`claimProceeds()` will be DoS'ed for a fully filled auction if a baseToken reverts on 0 amount transfers.

`BlastGas` does not set gas fees to claimable resulting in a loss of revenue for the protocol.

`Auctioneer.auction()` is incorrectly accesing the routing in storage.

`_revertIfLotConcluded()` incorrectly checks if the lot has concluded.

Permanent DoS of `claimBids()` and `settle()` functions for an auction lot with an expired `LinearVesting` derivative.

PrincipalToken is not ERC-5095 compliant

Since you can reroll with a different fighterType than the NFT you own, you can reroll bypassing maxRerollsAllowed and reroll attributes based on a different fighterType

Players have complete freedom to customize the fighter NFT when calling `redeemMintPass` and can redeem fighters of types Dendroid and with rare attributes

Player can mint more fighter NFTs during claim of rewards by leveraging reentrancy on the `claimRewards() function `

Fighters cannot be minted after the initial generation due to uninitialized `numElements` mapping

NFTs can be transferred even if StakeAtRisk remains, so the user's win cannot be recorded on the chain due to underflow, and can recover past losses that can't be recovered(steal protocol's token)

Can mint NFT with the desired attributes by reverting transaction

DoS in `MergingPool::claimRewards` function and potential DoS in `RankedBattle::claimNRN` function if called after a significant amount of rounds passed.

Fighter created by mintFromMergingPool can have arbitrary weight and element

Whitelised accounts can be forcefully DoSed from buying curveTokens during the presale

Attack to make ````CurveSubject```` to be a ````HoneyPot````

Unauthorized Access to setCurves Function

Protocol and referral fee would be permanently stuck in the Curves contract when selling a token

onBalanceChange causes previously unclaimed rewards to be cleared

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

The userGaugeProfitIndex is not set correctly, allowing an attacker to receive rewards without waiting

Users staking via the `SurplusGuildMinter` can be immediately slashed when staking into a gauge that had previously incurred a loss

Wrong ProfitManager in GuildToken, will always revert for other types of gauges leading to bad debt

There is no way to liquidate a position if it breaches maxDebtPerCollateralToken value creating bad debt.

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

Attacker can reenter to mint all the collection supply

Borrower has no way to update `maxTotalSupply` of `market` or close market.

Borrower can drain all funds of a sanctioned lender

Prime.sol - User can claim Prime token without having any staked XVS, because his `stakedAt` isn't reset whenever he is issued an irrevocable token.

The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP

Medim severity - No check for stale price feeds

getPriceFromChainlink function in PriceOracle.sol does not check if the L2 sequencer is down.