The calculation of `totalAssets()` could be wrong if `operatorFeeAmount` > 0, this can cause potential loss for the new depositors

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

Adversary can win proposals with voting power as low as 4%

Incorrect sequence of AaveDIVAWrapper constructor parameters

Auctions can't be ended due to logical error

Inconsistent `sharesPerToken` Usage Causes Incorrect Claim Amount

DoS due to insufficient allowance in BalanceRouter.sol

Strike price manipulation lets borrowers underpay for ETH upside

aBOND token holders never receive yields from liquidation

Lack of check allows borrowers to purchase options that never expire

Borrowers can renew expired options before withdrawal

USDT and USDa price parameters allow attacker to drain USDT from Treasury

Missing access controls bricks CDS deposits/withdraws and prevents liquidations

Misrouted cross chain message refund causes loss of funds and bricks liquidations

Type TWO liquidations don't update state allowing liquidated borrowers to withdraw

Volatility parameter manipulation allows misspricing of options

Overwithdrawal Due to Misaccounted Market Funds

Vote buyers get overcharged when a non-zero protocol fee is set

Missing KYC and NFT Ownership Verification for Ecosystem Access

USDT incompatible with IERC20Upgradeable(usd).approve()

Logical error causes incorrect calculation of liquidityIndex and borrowIndex

Supplying to vault DoS when underlying pools have capacity

Superpool owner can't pause deposits on Superpool

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

TokenManager - Unlimited withdraw

`DeliveryPlace::settleAskTaker` Has Incorrect Access Control

Token withdrawal fails until someone manually approves spending

Fund Withdrawal Flaw in preMarket Allows Users to Avoid Settlement Obligations

The referral bonus can't be split correctly between the referrer and the authority referral