Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal

Incorrect withdraw queue balance in TVL calculation

Lack of slippage and deadline during withdraw and deposit

Chainlink connector doesn’t check for the Min / Max prices returned

User can evade `liquidation` by depositing the minimum of tokens and gain time to not be liquidated

First Liquidity provider can claim all initial pool rewards

DOS of proposals by abusing ballot names without important parameters

Single token purchase restriction on curve creation enables sniping

onBalanceChange causes previously unclaimed rewards to be cleared

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

Incorrect amounts of ETH are transferred to the DAO treasury in `ERC20TokenEmitter::buyToken()`, causing a value leak in every transaction

Bidder can use donations to get VerbsToken from auction that already ended.

LendingTerm::debtCeiling() can return wrong debt as the min() is evaluated incorrectly

No slippage protection for Market functions

The price of rsEHT could be manipulated by the first staker

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

On a Linear or Exponential Descending Sale Model, a user that mint on the last `block.timestamp` mint at an unexpected price.

Auction winner can prevent payments via `safeTransferFrom` callback

Malicious users can front-run to cause a denial of service (DoS) for StakedUSDe due to MinShares checks

Approved address can approve other addresses for an owner's safe

Vault721.tokenURI does not comply with ERC721 - Metadata specification

Decimal Limitation in CamelotRelayer and UniV3Relayer Contract Deployment

Math error in `_qv_allocate`

`QVSimpleStrategy` don't support native token

AuraSpell#_getJoinPoolParamsAndApprove Leads to maxAmountsIn[i] Mismatch with Existing LP Tokens

Sandwich attack to steal all ERC-20 tokens in the Fees contract

Liquidation Is Prevented Due To Strict Implementation of Liqudation Bonus

staleCheckLatestRoundData() does not check the status of the Arbitrum sequencer in Chainlink feeds.

Precision Loss in Calculating lowerTick and upperTick in _getTicksForPosition

USSD.sol mintRebalancer lose access control