Attackers can steal funds by using the `migrateFrom` and `migrateTo` functions

The price of PT is not equal to underlying price after expiry

Tokens that don't return a bool in the `transfer` function can't work with ZappingProxy

ZappingProxy can't receive ETH

Oracle for Pendle PT incorrectly assumes the decimal of rate as 18

All market operation assumes the price of USG as 1 USD

The `sUSDe.withdraw` function always reverts

There is no slippage in the liquidation

Users may unexpectedly incur financial losses due to high gas fees

The `updateParticipation` function can be DoSed due to incorrect check

Vulnerability in handling orders in the same block

No resetting the allowance of the token to 0 in the `execute` functions

Discrepancy in the `createOrder()` function of the `Bracket` and the `StopLimit` contract

Malicious attackers can steal funds by buying and selling votes in one transaction from the reputation market

Fee Mismanagement in the `ReputationMarket.buyVotes` Function

Incorrect fees calculation in the `EthosVouch.applyFees` function causes the voucher's loss of funds

An incorrect fee calculation may result in the application of two different fee rates

An incorrect income distribution will lead to fund losses during slashing

Most users won't be able to claim their share of Uniswap fees