Interest Model Freeze

Global Variable Manipulation During Active Draw Alters End Result

Incorrect ticket price reference in JackpotBridgeManager causes user overpayment after price updates

`set_invocation_costs_config()` fails to authorize admin allowing anyone to set invocation costs

Expiration vector length mismatch causes panic in extend_ttl() when assets are added with zero initial expiration period

Systematic Overcharge in prices and x_prices: Fee Charged for Requested Records While Return is Capped at 20

`twap()` under-charges for multi-period queries due to hardcoded `periods=1`

Authorized Matchers Control Fee Treasury

Session signatures replay across wallets due to missing wallet binding

Claiming rewards in GovernanceHYBR will always revert

collectFees Reverts On Native-Currency Pools

Campaign Start Ignored For Legacy Trades

Staking Resets Token Reward Index Without Settling

Mint Rate Updates Retroactively Reprice Rewards

Dormant Emissions Minted To Developer/Pool On First Stake

Zero-Value Initial Liquidity Bricks Pools

Malicious Pool Address Allows Full Maker Deposit Theft

NFT metadata helper calls revert outside diamond storage

WStable share deposit/withdraw math over/under-mints due to wrong ERC4626 conversions

Rewards stream while totalCollateral = 0 lets first depositor capture all prior emissions

Total reward shares for token can reach zero after unlocking, causing `GTELaunchpadV2Pair` to be bricked

`LaunchToken` transfers cause staking rewards to be lost to the `LaunchPad`

DLoopDepositorBase Transfers User's Leftover Debt Tokens to Vault Instead of User

Share Pricing Ignores Debt Leading to Arbitrage Opportunities and Incorrect Vault Valuations

Rebalancing Subsidy Exploit for Minor Leverage Deviations

Inequitable Loss Distribution in Catastrophic Scenarios

Unauthorized ERC20 Token Transfer in Payment Contract

Improper Transfer Restrictions on Non-Bridged Tokens Due to Boolean Bridged Token Tracking, Allowing a DoS Attack Vector

Cross-Chain Signature Replay Attack Due to User-Supplied `domainSeparator` and Missing Deadline Check

Lack of deadline check in forwarded request

The calculation of `totalAssets()` could be wrong if `operatorFeeAmount` > 0, this can cause potential loss for the new depositors

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

Ineffective proposal threshold validation allows setting arbitrary high values

[M-3] Anyone can deploy a new `FraxSwapPair` with a Low fee incurring losses to the protocol

Unupdated MaxCap After Token Burn Creates State Inconsistency

Fee Addition Instead of Deduction Can Cause Users to Spend More Than Intended

Loss of Fees for Router `UpliftOnlyExample` due to Division Rounding in Admin Fee Calculation, Causing Unfair Fee Distribution

quantAMMSwapFeeTake used for both getQuantAMMSwapFeeTake and getQuantAMMUpliftFeeTake.

Inflated `totalAssets` in `StrategyMainnet`, `StrategyArb`, and `StrategyOp` Contracts

Missing slippage protection in `AerodromeDexter.sol` `swapExactTokensForTokens()`

Subtraction in `variance()` will revert due to underflow

Potential underflow vulnerability in score range calculation of `LLMOracleCoordinator::finalizeValidation`, leading to DoS.

Platform fees withdrawal will sweep oracle agents earned fees

Inconsistent Best Response Selection Due to Missing Tiebreak Mechanism

Insufficient Transfer Cooldown Period in CrossChainProofOfHumanity Contract

Incorrect Subcourt ID Assignment Due to Improper _arbitratorExtraData Initialization

Incorrect Renewal Period Configuration Allows Premature Renewals

Incorrectly assigned `decimal1` parameter upon decoding

`WellUpgradeable` can be upgraded by anyone

There is no slippage check in the `nuke()` function.

Forger Entities can forge more times than intended

Duplicate NFT generation via repeated forging with the same parent