Users staking via the `SurplusGuildMinter` can be immediately slashed when staking into a gauge that had previously incurred a loss

Replay attack to suddenly offboard the re-onboarded lending term

Malicious borrower can decrease Guild holders reward

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

Attacker can reenter to mint all the collection supply

Vulnerability in burnToMint function allowing double use of NFT

Auction payout goes to AuctionDemo contract owner, not the token owner

Borrower has no way to update `maxTotalSupply` of `market` or close market.

Function WildcatMarketController.setAnnualInterestBips allows for values outside the factory range

No access control on `mintRebalancer` and `burnRebalancer`

Direct transfer of USSD or DAI to the `uniPool` causes `rebalance` to malfunction

Cofused OR with AND in `SellUSSDBuyCollateral` leads to reverting

Anyone can trigger `marginTrading.executeOperation` and steal all the funds from this contract

Borrower can close a credit without repaying debt

Attacker can list an NFT they own and inflate to zero all users' contributions, keeping the NFT and all the money

Builder can halve the interest paid to a community owner due to arithmetic rounding

Proposal which started buyout which fails is able to settle migration as if its buyout succeeded.

Fund will be stuck if a buyout is started while there are pending migration proposals

Steal NFTs from a Vault, and ETH + Fractional tokens from users.

Migration: no check that user-supplied `proposalId` and `vault` match

Cash-out from a successful buyout allows an attacker to drain Ether from the `Buyout` contract

```migrateFractions``` may be called more than once by the same user which may lead to loss of tokens for other users

Voting overwrites checkpoint.voted in last checkpoint, so users can just vote right before claiming rewards

User rewards stop accruing after any _writeCheckpoint calling action

Wrong reward distribution in Bribe because deliverReward() won't set tokenRewardsPerEpoch[token][epochStart] to 0

no-revert-on-transfer ERC20 tokens can be drained

Owner can modify the feeRate on existing vaults and steal the strike value on exercise

Vaults steal rebasing tokens' rewards

Vault is Not Compatible with Fee Tokens and Vaults with Such Tokens Could Be Exploited

Users can use updateBoost function to claim unfairly large rewards from liquidity mining contracts for themselves at cost of other users.

In ERC20Gauges, contribution to total weight is double-counted when incrementGauge is called before addGauge for a given gauge.

The noContract modifier does not work as expected.