All tokens can be stolen from `VirtualAccount` due to missing access modifier

_requireVaultCollateralized() is called at the beginning of the functions mintYieldFee() and liquidate()

`Vault.mintYieldFee` FUNCTION CAN BE CALLED BY ANYONE TO MINT `Vault Shares` TO ANY RECIPIENT ADDRESS

Malicious user can steal other user's deposits from Vault.sol

Liquidation transactions can potentially fail for all markets

Reentrancy in `USDO.flashLoan()`, enabling an attacker to borrow unlimited USDO exceeding the max borrow limit

Collateral can be locked in BigBang contract when `debtStartPoint` is nonzero

Ability to steal user funds and increase collateral share infinitely in BigBang and Singularity

`SGLLiquidation::_computeAssetAmountToSolvency`, `Market::_isSolvent` and `Market::_computeMaxBorrowableAmount` may overestimate the collateral, resulting in false solvency

`BigBang::repay` and `Singularity::repay` spend more than allowed amount

liquidation will fail if the Seer or Oracle reverts instead of returning false

`totalCollateralShare` state variable not updated in `Singularity` market upon liquidation, resulting in an error on `addCollateral` with skim functionality

Tapioca Bar: Unusable Market Add Functions in Penrose Contract

`TapiocaOptionLiquidityProvision.registerSingularity()` not checking for duplicate assetIds leading to multiple issues.

all deposit and withdraw function in Convex and Curve nativeLP Strategy, apply slippage on internal pricing; which call real-time on chain price from Curve directly and subject to MEV

`YieldBox::deposit`, `YieldBox::withdraw` might lock ERC1155 NFT if deposited/withdrawn with less than 1e8 share.

`SGLBorrow::repay` and `BigBang::repay` uses `allowedBorrow` with the asset amount, whereas other functions use it with share of collateral

`UlyssesToken` asset ID accounting error

beforeTokenTransfer called with wrong parameters in LBToken._burn

Variable balance token causing fund lock and loss

Supply cap of VariableSupplyERC20Token is not properly enforced

Incorrect handling of pricefeed.decimals()

Founders can receive less tokens that expected

Truncation in casting can lead to a founder receiving all the base tokens

`Token:mint`: infinite loop if the founders' shares sum up to 100

Proposals can be bricked and Auctions stalled by bad settings

In `Governance.sol`, it might be impossible to activate a new proposal forever after failed to execute the previous active proposal.

TRSRY: front-runnable `setApprovalFor`

`activateProposal()` need time delay

Voted votes cannot change after the user are issued with new votes or the user's old votes are revoked during voting

OlympusGovernance: Users can prevent their votes from being revoked

TRSRY: reenter from OlympusTreasury::repayLoan to Operator::swap

Operator: if WallSpread is 10000, `operate` and `beat` will revert and price information cannot be updated anymore

[NAZ-M1] Chainlink's `latestRoundData` Might Return Stale Results

Heart::beat() could be called several times in one block if no one called it for a some time

ERC721Checkpointable: delegateBySig allows the user to vote to address 0, which causes the user to permanently lose his vote and cannot transfer his NFT.

Wrong percent for `FraxlendPairCore.dirtyLiquidationFee`.

[PNM-001] `PARENT_CANNOT_CONTROL` can be bypassed by maliciously unwrapping parent node

transfer() depends on gas consts

ERC1155Fuse: `_transfer` does not revert when sent to the old owner

BytesUtils: compare will not revert when the offset and len exceeds the bytes lengths

Incorrect implementation of `RRUtils.serialNumberGte`

Any fractions deposited into any proposal can be stolen at any time until it is commited

Vault implementation can be destroyed leading to loss of all assets

Fund will be stuck if a buyout is started while there are pending migration proposals

Steal NFTs from a Vault, and ETH + Fractional tokens from users.

Cash-out from a successful buyout allows an attacker to drain Ether from the `Buyout` contract

Malicious User Could Burn The Assets After A Successful Migration

Migration Module: Re-enter `commit` using custom token

`fallback()` function can bypass permission/auth checks imposed in `execute()`

Buyout Module: `redeem`ing before the update of totalSupply will make buyout's current state success

ORACLE DATA FEED CAN BE OUTDATED YET USED ANYWAYS WHICH WILL IMPACT ON PAYMENT LOGIC

Duplicated locked splits can be discarded

Lack of check on `mustStartAtOrAfter`

Use a safe transfer helper library for ERC20 transfers

Fee is being deducted when Put is expired and not when it is exercised.

Create a short call order with non empty floor makes the option impossible to exercise and withdraw

Put option sellers can prevent exercise by specifying zero amounts, or non-existant tokens

`fillOrder()` and `exercise()` may lock Ether sent to the contract, forever

Non view function is called with staticcall in `CErc20Delegator`

Stableswap - Deadline do not work

NibblVault: In the buy function, users can avoid paying fees

`Staking.sol#stake()` DoS by staking 1 wei for the recipient when `warmUpPeriod > 0`

No way to set CURVE_POOL approval after setting new curve pool address

attacker can call sweepRewardToken() when `bribesProcessor==0` and reward funds will be lost because there is no check in sweepRewardToken() and _handleRewardTransfer() and _sendTokenToBribesProcessor()

`canExecTakeOrder` mismatches `makerOrder` and `takerItems` when duplicated items present

`_transferNFTs()` succeeds even if no transfer is performed

Stealing Wrapped Manifest in WETH.sol

WETH.sol computes the wrong totalSupply()

Anyone can create Proposal Unigov Proposal-Store.sol

It's not possible to execute governance proposals through the GovernorBravoDelegate contract