Attacker will steal funds from depositors by manipulating share price via Uniswap V3 spot price

ERC-4626 violation: jDOLA vault's maxDeposit() and maxMint() return infinite capacity when MAX_SHARES limit exists, causing user reverts on deposits

Attacker will brick XYK pair and lock initial LP funds via a one-sided first deposit

EverclearBridge will fail all cross-chain transfers due to missing token transfer

Rebalancer will permanently block rebalances for a route due to stale window size check

Users will receive fewer mTokens than expected during migration due to incorrect slippage calculation with wrong token decimals

Protocol will brick or lose funds on non-mainnet deployments

User can withdraw tokens without paying the intended tax due to an uninitialised variable in `removeValueSingle`’s fee calculation

Users Who Queue Withdrawal Before A Slashing Event Disadvantage Users Who Queue After And Eventually Leads To Loss Of Funds For Them

Incorrect Balance Check in Validator Redelegation Process May Block Legitimate Rebalancing Operations

Lack of deadline check in forwarded request

No slippage protection for Market functions

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

[MEDIUM]Allo#_fundPool

[MEDIUM] QVBaseStrategy.sol

A malicious early depositor can manipulate the `LP-Token` price per share to take an unfair share of future user deposits