Users can claim more that their actual allotment

maxSellPercent can be buypassed by selling previously bought vestings at a later time

Listing potential can not be purchased with discounted price

Minting zero tokens when underlyingToken is not Ether in cashIn()

Since the cost of launching a new pool is minimal, an attacker can maliciously consume VirtualTokens.

`lastRPS` could be set to `0` accidentally

Fragmentation fee is not taken if user compensates with newly created position

Borrower is not able to compensate his lenders if he is underwater

Taiko L1 - Proposer can maliciously cause loss of funds by forcing someone else to pay prover's fee

Taiko SGX Attestation - Improper validation in certchain decoding

The top tier prover can not re-prove

Salt Rewards - Rewards related to Arbitrage profits for pools can be lost

The peg stability module can be compromised by forcing lowerDepeg to revert.

No mechanism to settle out-of-money put options even after Bond receipt token is redeemed.

`sync` function in `RdpxV2Core.sol` should be called in multiple scenarios to account for the balance changes that occurs

Collateral can be locked in BigBang contract when `debtStartPoint` is nonzero

Attacker can steal victim's oTAP position contents via `MagnetarMarketModule#_exitPositionAndRemoveCollateral()`

Magnetar V2 - mintFromBBAndLendOnSGL can not lock singularity assets to generate TOLP

Ulysses omnichain - RetrieveDeposit might never be able to Trigger the Fallback function

Multiple issues with `retrySettlement()` and `retrieveDeposit()` will cause loss of users' bridging deposits

Ulysses omnichain - addbridgeagentfactory in rootPort is not functional

Ulysses omnichain - User Funds can get locked permanently via making callout without deposit

RestakeToken function is not permissionless

The user is enforced to overpay for the fallback gas when `retryDeposit`

function `restructureCapTable()` in Equity.sol not functioning as expected