Some tokens enable the direct draining of all approved `ERC20Votes` tokens

All tokens can be stolen from `VirtualAccount` due to missing access modifier

Message channels can be blocked resulting in DoS

`ArbitrumBranchBridgeAgent::_performFallbackCall` Function Does Not Refund Users Their Excess Native Gas Deposit

The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP

Put settlement can be anticipated and lead to user losses and bonding DoS

Improper precision of strike price calculation can result in broken protocol

The peg stability module can be compromised by forcing lowerDepeg to revert.

Users can get immediate profit when deposit and redeem in `PerpetualAtlanticVaultLP`

`UniV3LiquidityAMO::recoverERC721` will cause `ERC721` tokens to be permanently locked in `rdpxV2Core`

Inaccurate swap amount calculation in ReLP leads to stuck tokens and lost liquidity

No mechanism to settle out-of-money put options even after Bond receipt token is redeemed.

`sync` function in `RdpxV2Core.sol` should be called in multiple scenarios to account for the balance changes that occurs

Can not withdraw RDPX if WETH withdrawn is zero

User can avoid paying high premium price by correctly timing his bond call

User that delegate eth to `RdpxV2Core` will incur loss if his delegated eth fulfilled by decaying bonds

Change of `fundingDuration` causes "time travel" of `PerpetualAtlanticVault.nextFundingPaymentTimestamp()`

`reLPContract.reLP()` is susceptible to sandwich attack due to user control over `bond()`

[HF06] `BaseTOFT.sol`: `retrieveFromStrategy` can be used to manipulate other user's positions due to absent approval check.

Refund mechanism for failed cross-chain transactions does not work

Lack of safety buffer between liquidation threshold and LTV ratio for borrowers to prevent unfair liquidations

Incorrect liquidation reward computation causes excess liquidator rewards to be given

`_liquidateUser()` should not re-use the same minimum swap amount out for multiple liquidation

`twTAP.participate()` can be permanently frozen due to lack of access control on host-chain-only operations

`multiHopSellCollateral()` will fail due to call on an invalid market address causing bridged collateral to be locked up

Liquidated USDO from BigBang not being burned after liquidation inflates USDO supply and can threaten peg permanently

Anybody can buy collateral on behalf of other users without having any allowance using the multiHopBuyCollateral()

BigBang and Singularity should not pause repay() and liquidate()

Incorrect refund address for `BaseTOFT.retrieveFromStrategy()` prevents gas refund to user

Incorrect `eligibleAmount` for `AirdropBroker` Phase 3

`BaseTOFTSTrategyModule.strategyWithdraw()` cross chain call will fail due to missing approvals

`BaseTOFT.sendToYBAndBorrow()` will fail when withdrawing the borrowed asset to another chain

`extractTAP()` function can allow minting an infinite amount in one week, leading to a DoS attack in `emitForWeek()`

TOFT `exerciseOption` fails due to not passing `msg.value` properly

Multihop buying and selling of collateral will fail due to missing gas payment

`exitPositionAndRemoveCollateral()` will fail as `MagnetarV2` does not implement `onERC721Received()`

`MagnetarV2#burst` double counts `msg.value` for `TOFT_WRAP` operation, making the transaction revert unless the user overpays

Some actions inside MagnetarV2.burst will not work because msg.value is used inside delegate call

BigBang Contract: The repay function can be DoSed

mTapiocaOFT can't be rebalanced because the Balancer in tapiocaz-audit calls swapETH() or swap() of the RouterETH but does not forward ether for the message fee

`SGLBorrow::repay` and `BigBang::repay` uses `allowedBorrow` with the asset amount, whereas other functions use it with share of collateral

Lack of return value handing in `ArbitrumBranchBridgeAgent._performCall()` could cause users' deposit to be locked in contract

Multiple issues with `retrySettlement()` and `retrieveDeposit()` will cause loss of users' bridging deposits

Missing unwrapping of native token in RootBridgeAgent.sweep() causes fees to be stuck

Reentrancy attack possible on `RootBridgeAgent.retrySettlement()` with missing access control for `RootBridgeAgentFactory.createBridgeAgent()`

Multiple issues with decimal scaling will cause incorrect accounting of hTokens and underlying tokens

DoS of RootBridgeAgent due to missing negation of return values for UniswapV3Pool.swap()

Replenishing gas is missing in `_payFallbackGas` of RootBridgeAgent

USDC blocklist will prevent full liquidation of JUSD debt

`FlashLoanLiquidate.JOJOFlashLoan()` does not have slippage protection for liquidator

`maxColBorrowPerAccount` borrow cap for collateral in JUSDBank can be bypassed

Lack of burn mechanism for JUSD repayments causes oversupply of JUSD

anchorTime() will not work properly on Optimism due to use of block.number

function `restructureCapTable()` in Equity.sol not functioning as expected

Incorrect fee handling in Position.sol's Market Buy/Sell functions

updateStrategyAllocBPS() can cause loss of ActivePool's collateral during an emergency exit

Protocol loses fees because highWaterMark is updated every time someone deposit, withdraw, mint

Owner can collect management fees with a new increased fee for previous time period.

cool down time period is not properly respected for the `harvest` method

Borrower can lose partial fund during minting of Power Token as excess ETH are not refunded automatically

Fee on transfer tokens will not behave as expected

Protocol fees can be withdrawn multiple times in `Erc20Quest`

Possible scenario for Signature Replay Attack

Users may not claim Erc1155 rewards when the Quest has ended

User may loose rewards if the receipt is minted after quest end time

Malicious strategist could deny borrowers from repaying loan and force liquidation by setting a extremely high vault fee

Malicious refinancing attack could lead to suboptimal NFT liquidation

`LienToken`: Lender and liquidator can collude to block auction and seize collateral

Tokens with fee on transfer are not supported in `PublicVault.sol`

Replay attack (EIP712 signed transaction)

DoS of user operations and loss of user transaction fee due to insufficient gas value submission by malicious bundler

Division by zero error can block RewardsPool#startRewardCycle if all multisig wallet are disabled.