downsideProtected is not protected

strikeprice doesn't align with strikePercent

anyone can make Borrowing.lastCumulativeRate huge

borrower can create unliquidatable position

liquidationType2 is not implemented at all right now

abond holder can steal from other abond holders

user can make protocol to not catch upside after withdraw

odos signature can be used for other withdraws to make bad swap on odos for protocol

Borrow's position will be never be liquidated after option expires

Users can renew their position after liquidation period

protocol will not be able to withdraw totalInterestFromLiquidation

the protocol will lose collateral from liquidation

Anyone can withdraw all usdt from treasury for 1usda

users will not get usda profits from liquidations

lastEthprice is not updated on borrower's deposit

Users can buy options for cheap

borrower withdraw wipes out all profit cds holders made from previous lastEventTime

cdsPoolValue will not be tracked properly after liquidations

cds holders will lose their deposit if collateral price goes down in value when they withdraw

Whenever the current chain doesn't have USDA tokens, the downside will not be enforced correctly.

borrowers will not be able to withdraw their funds due to noOfBorrowers underflow in Treasury

fee refund is not happening on borrower withdraw

All admin function can be ddosed

vault value is not being changed on liquidation

Market creator will not be able to withdraw his liquidity

authorProfileId can avoid being slashed

Anyone can become an operator for any user and execute any trade on their behalf due to lack restriction in marketfactory

settle's keepers will not receive their fees

Migration for global position will not work correctly

forecast-implied inferences can be set to any value due to ForecastElements is not filtered by duplicate.

Not appropriate Inferences will be used when calculating the forecast

Iteration over map is non-deterministic and could cause issues in consensus-critical code

any user can halt chain with a negative amount request using RemoveStake

anyone can rewrite reputer data and worker data

The default value of epsilon differs from what is stated in the whitepaper

The formula for forecast normalization differs from the one in the whitepaper.

incorrect condition for the iterative update of Equation 34

topic's funds is being used twice when activating a topic

Treasury cap restriction will not hold and one block per month will be compromised

SendDataWithRetry doesn't work properly(Retries will not happen)

Solidity >=0.8.20 is unsupported by linea and some other chains

witnet is not being supported on all chains.

batchUpdateAccountToken not restricted

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

Bidder Funds Can Become Unrecoverable Due to 1 second Overlap in `participateToAuction()` and `claimAuction()`

The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP

The peg stability module can be compromised by forcing lowerDepeg to revert.

Users can get immediate profit when deposit and redeem in `PerpetualAtlanticVaultLP`

The owner of RPDX Decaying Bonds is not updated on token transfers

The vault allows "free" swaps from WETH to RDPX

`fastTrackProposalExecution` doesn't check `intendedRecipient`

Its not possible to liquidate deprecated market

Number of prize tiers always increases if just 1 canary prize is claimed

Inconsistent behavior for canary claims in claimer

Operators can take escrow from order after its' cancellation

liquidatePartyB can be avoided by frontrunning

minAcceptablePortionLF is not being enforced on the partial opening positions which leads to liquidators receiving fewer funds than protocol promised to the liquidator

liquidatePartyA can be called after liquidatePositionsPartyA so partyA can be stuck in liquidateStatus forever

Solvency is not being checked correctly on opening position

AaveLeverageStrategyExtension doesn't work with turned on Efficiency Mode

Deprecated chainlink oracle

Side effects of LTV = 0 assets: Index's users will not be able to withdraw (collateral), borrow

Some modules will not work with certain ERC20s reverting when trying to approve with allowance already >0

Incorrect `blocksPerYear` constant in `WhitepaperInterestRateModel`

Exchange Rate can be manipulated

Bad Debt in PoolLens.sol#getPoolBadDebt() is not calculated correctly in USD

It's possible to borrow, redeem, transfer tokens and exit markets with outdated collateral prices and borrow interest

Sometimes calculateBorrowerReward and calculateSupplierReward return incorrect results

User can avoid bankrupting by calling PositionManager.moveLiquidity where to index is bankrupted index

It is impossible to slash queued withdrawals that contain a malicious strategy due to a misplacement of the ++i increment

Slot and block number proofs not required for verification of withdrawal (multiple withdrawals possible)

function `restructureCapTable()` in Equity.sol not functioning as expected

Incorrect fee handling in Position.sol's Market Buy/Sell functions

Potential infinite loop in `_borrowLimit` function

Calling `Position._marketSell` function compares `fill_amt` that includes fee to `min_fill_amount` that does not include fee

Calling `Position._marketBuy` and `Position._marketSell` functions that calculate `_fee` by dividing by `10000` can cause incorrect calculations

DoS due to external call failure

Missing derivative limit and deposit availability checks will revert the whole `stake()` function

Users will be able to purchase fewer NFTs than the project had anticipated

Bio NFT incorrectly breaks SVG lines and doesn't support more than 120 characters effectively

Users can change each other assets value inside `RolloverIndex` queue

Users able to deposit at epoch time they are not suppose to

Admin cannot change treasury for market