Deposits on long one leverage vault don't actually finalize the flow, leading to a Denial of Service (DoS)

If users withdraw while a position is in loss, the whole PNL of the position to their withdrawal amount instead of just their share of it.

Subtracting position fee in position net value will lead to incorrect share allocation

PerpetualVault can be completely bricked

getExecutionGasLimit() reports a lower gas limit due to gasPerSwap miscalculation

Functions that rely on chainlink prices cannot be queried on avalanche due to sequencer uptime check.

User may withdraw more than expected if ADL event happens

ADL can result in unwrapped ETH as output which is not handled

Protocol Recovery Mechanism at Risk Due to Unhandled Token Transfer Failures

`_withdraw` function uses `shortTokenPrice.max` instead of `shortTokenPrice.min` when computing negative PnL adjustment, leading to underestimation of losses and excessive collateral withdrawal

Calculating price impact collateral is incorrect when calculating users' increase from deposit

Not setting approval to 0 when doing swaps can lead to draining of funds

Reentrancy can be exploited in OracleLess contract

modifyOrder() can be used to drain funds from already filled/cancelled orders

Incorrect safeTransferFrom parameter when creating stop limit orders

If users create two orders close in time, the second one may override the first.

DoS in OracleLess contract

Tokens used are not checked in OracleLess contract

Wrong check for stale price in PythOracle

Bracket and StopLimit contracts are vulnerable to DoS attacks.

NativeMetaTransaction.sol :: executeMetaTransaction() failed txs are open to replay attacks.

Reorg Vulnerability in DAO Membership Creation Allows Users to Join Incorrect DAOs

EIP712Base Is Incompatible With Chain Fork

Users cannot claim rewards for different epochs for the same distribution

Public unfarmBuyBurn may not rebalance the pool correctly

AMO bot can move the price higher/lower than target $1 which should not be allowed

FlashSwapRouter.emptyReserve() always returns 0 leading to excess DS in the LV to be stucked

Exchange rate between RA: CT+DS is not used when liquidating LP tokens at expiry

lockUnchecked() is used instead lockFrom() in PsmLib.repurchase() leading to wrong accounting of locked RA tokens.

lvRedeemRaWithCtDs() does not account for the RA tokens locked in PSM

Wrong accounting of locked RA when redeeming RA with DS

On-chain calculated tolerance does not provide slippage protection when depositing into LV

Initial AMM price ratio can be manipulated

Providing liquidity to the AMM does not check the return value of actually provided tokens leading to locked funds.

`FjordAuction` incorrect `block.timestamp` check allows users to bid after calling `auctionEnd` to claim more tokens than they should

H-1: Locked ETH is not updated upon players refund, resulting in permanent stuck funds

Perpetual frontrunning of raffle creation leading to inability to create raffles and CCIP fee token loss

`DeliveryPlace::settleAskTaker` Has Incorrect Access Control

Malicious user can drain protocol by bypassing `ASK` offer abortion validation in `Turbo` mode

The `DeliveryPlace::settleAskTaker()` function mistakenly uses `makerInfo.tokenAddress` to update the `TokenBalanceType.PointToken` in the `userTokenBalanceMap` mapping, leading to a critical error.

Token withdrawal fails until someone manually approves spending

Unnecessary balance checks and precision issues in TokenManager::_transfer

Low Severity Issues

`mintToken()`, `mintWithBudget()`, and `forge()` in the `TraitForgeNft` Contract Will Fail Due to a Wrong Modifier Used in `EntropyGenerator.initializeAlphaIndices()`

Number of entities in generation can surpass the 10k number

Wrong minting logic based on total token count across generations

There is no slippage check in the `nuke()` function.

NFTs mature too slowly under default settings.

Single plot can be occupied by multiple renters

in `farmPlots()` an underflow in edge case leading to freeze of funds (NFT)