[L-01] - hardcoded Uniswap pool fee of 3000 can tamper with user slippage, allow the user to specify what fee tier market he wants to perform swaps on.
[L-02] - use deterministic address creation (CREATE2) to protect against re-orgs
[L-03] - Rebasing tokens probably would not be accepted, but PAXG is a fee-on-transfer token and any transfers involving it can tamper with accounting like user rewards, consider using before and after token balances.
[L-04] - The vault manager contract's initializer is empty, thus the initial values do not get set
[L-05] - Weird erc20s like block-lists, two-address, high or low decimals, would face issues, beware of tokens used.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.