Missing Input and Target Token Validation Allowing Draining of Unclaimed Refunds

Refunds can be claimed by anyone when the walletAddress isn't an EVM address

Missing Verification After Swap Allows Attacker to Drain Unclaimed Refunds

GatewayTransferNative::onCall doesn't handle native Zeta to wZeta deposits

USDT incompatible with IERC20 approve, transferFrom, and transfer

Missing Fee Deduction Leads to Loss of Funds

Deposits on long one leverage vault don't actually finalize the flow, leading to a Denial of Service (DoS)

PerpetualVault can be completely bricked

Functions that rely on chainlink prices cannot be queried on avalanche due to sequencer uptime check.

Fetching indexToken.balanceOf() will always revert for BTC market

Locked funds due to overflow via shares decimal scaling

The calculation of `totalAssets()` could be wrong if `operatorFeeAmount` > 0, this can cause potential loss for the new depositors

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

Adversary can win proposals with voting power as low as 4%

Incorrect sequence of AaveDIVAWrapper constructor parameters

Auctions can't be ended due to logical error

Inconsistent `sharesPerToken` Usage Causes Incorrect Claim Amount

DoS due to insufficient allowance in BalanceRouter.sol

Strike price manipulation lets borrowers underpay for ETH upside

aBOND token holders never receive yields from liquidation

Lack of check allows borrowers to purchase options that never expire

Borrowers can renew expired options before withdrawal

USDT and USDa price parameters allow attacker to drain USDT from Treasury

Missing access controls bricks CDS deposits/withdraws and prevents liquidations

Misrouted cross chain message refund causes loss of funds and bricks liquidations

Type TWO liquidations don't update state allowing liquidated borrowers to withdraw

Volatility parameter manipulation allows misspricing of options

Overwithdrawal Due to Misaccounted Market Funds

Vote buyers get overcharged when a non-zero protocol fee is set

Missing KYC and NFT Ownership Verification for Ecosystem Access

USDT incompatible with IERC20Upgradeable(usd).approve()

Logical error causes incorrect calculation of liquidityIndex and borrowIndex

Supplying to vault DoS when underlying pools have capacity

Superpool owner can't pause deposits on Superpool

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

TokenManager - Unlimited withdraw

`DeliveryPlace::settleAskTaker` Has Incorrect Access Control

Token withdrawal fails until someone manually approves spending

Fund Withdrawal Flaw in preMarket Allows Users to Avoid Settlement Obligations

The referral bonus can't be split correctly between the referrer and the authority referral