The admin can steal the vault's entire TVL by staking the funds into their own position.

The value returned by slot0 is susceptible to manipulation.

Slippage protection is absent during position minting for uniswap.

Morpho strategy can be easily blocked by anyone during the early stage of the protocol's deployment, which will result in lost fees for both the protocol and its users.

Protocol violates one of the EIP-4626 MUST requirements for maxDeposit

Sellers can lose significantly more money in fees than expected because there are no safeguards preventing matches with buyers that have high fees.

PositionTokens violates one of the MUST rules defined in EIP-1155.

Users can obtain PositionTokens for free, harming both the protocol and sellers.

Prediction market funds become inaccessible when event is cancelled

Any SuperDCA token holder can completely block the accrual of rewards.

Users Who Queue Withdrawal Before A Slashing Event Disadvantage Users Who Queue After And Eventually Leads To Loss Of Funds For Them

Wrong refundExecutionFee in _handleReturn

Cancelling a Flow after a Position Is Created Might Result in Inflation/Deflation of Shares

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

`buyFee` And `sellFee` Should Be Known Before Purchase

maxSellPercent can be buypassed by selling previously bought vestings at a later time

Minting zero tokens when underlyingToken is not Ether in cashIn()

Since the cost of launching a new pool is minimal, an attacker can maliciously consume VirtualTokens.

`shareBalance` bloating eventually blocks curator rewards distribution

Refunds sent to incorrect addresses in certain cases

Attacker can DOS user from selling shares of a credId

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

TokenManager - Unlimited withdraw

Failure to Update Dirty Flag in transferToUnoccupiedPlot Prevents Reward Accumulation On Valid Plot

in `farmPlots()` an underflow in edge case leading to freeze of funds (NFT)

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal

Fee on transfer tokens are not supported

Failure to Update Dirty Flag in transferToUnoccupiedPlot Prevents Reward Accumulation On Valid Plot

in `farmPlots()` an underflow in edge case leading to freeze of funds (NFT)

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal