# Alchemix V3

## Reports by Severity

<details>

<summary>Critical</summary>

* \#57774 \[SC-Critical] Redemption Earmark Mechanism Can Be Permanently Blocked via Single-Block Earmark Calls
* \#58793 \[SC-Critical] Repayment Fee Overpayment from Global Collateral Pool
* \#57093 \[SC-Critical] Potential Locked Funds Due to Partial Redeem Shortfall and miss calculation, lead to user loss their myt token forever.
* \#58276 \[SC-Critical] Uncapped \`feeInYield\` in \`\_resolveRepaymentFee\` allows for collateral theft from other depositors
* \#58518 \[SC-Critical] Liquidation will steal Repayment Fee from Innocent Users Funds
* \#57122 \[SC-Critical] Mismatch Between Capped Fee and Returned Fee in \`\_resolveRepaymentFee\`
* \#58531 \[SC-Critical] QueryGraph function Zero-Return Bug causing Tracking Earmarking Failure Over Progressive Block Intervals
* \#58288 \[SC-Critical] Incorrect Fee Payment Logic Leads to Underpayment
* \#58306 \[SC-Critical] Repayment Fee Not Adjusted for Insufficient Collateral
* \#57360 \[SC-Critical] Unreconciled repayment fee transfer enables MYT overpayment and TVL inflation
* \#56435 \[SC-Critical] AlchemistV3: repayment‑only liquidation pays liquidator from pool (fee leak) → theft of unclaimed yield
* \#58688 \[SC-Critical] \`AlchemistV3::\_liquidate\` can steal other users’ collateral
* \#58320 \[SC-Critical] Incorrect Fee Return Value in \_resolveRepaymentFee Enables Fund Theft Under Extreme Conditions
* \#58683 \[SC-Critical] There is an issue in earmarked debt eeduction in the repay() can causes a permanent fund freeze
* \#58447 \[SC-Critical] Unfair Collateral Loss Through Socialized Redemption Costs
* \#58573 \[SC-Critical] AlchemistV3 Repayment Fee Cross-Account Theft Vulnerability
* \#58413 \[SC-Critical] Attacker/user can prevent Earmark from updating the earnmarkweight causing the transmuter action to repay det gradually to fail for all users
* \#56732 \[SC-Critical] Incorrect boundary condition in queryGraph leads to systematic under-earmarking and transmuter redemption fund loss
* \#56385 \[SC-Critical] Repayment fee can be paid from the pool even when the account has no collateral left
* \#57590 \[SC-Critical] Double-counted Transmuter cover in \`redeem()\` allows overstated redemptions and potential over-withdraw/over-borrow
* \#58724 \[SC-Critical] Partial Redemption Burns Full Position — Accounting Desynchronization and Potential Underpayment in Transmuter.claimRedemption()
* \#56794 \[SC-Critical] Liquidators can be overpaid due to accounting error
* \#58507 \[SC-Critical] Repayment fee after forceRepay could result in socialized loss during global undercollateralization
* \#56965 \[SC-Critical] AlchemistV3 handling of added Transmuter coverage includes an error that enables an attacker to cause protocol insolvency
* \#56519 \[SC-Critical] Unchecked repayment fee transfer in \`\_liquidate\` pays liquidators from other users’ collateral
* \#58280 \[SC-Critical] Repayment's fee is charged from other users causing the contract to fail when the myt total balance of a user cannot cover the fee
* \#57053 \[SC-Critical] Integer Division Precision Loss in normalizeDebtTokensToUnderlying Leads to Permanent Collateral Locking
* \#57662 \[SC-Critical] portion of users alAsset amount that staked in transmuter can be lost forever when \`amount > cumulativeEarmarked\`
* \#58626 \[SC-Critical] Repayment Fee Overpayment in Liquidation Repay-Only Path
* \#58163 \[SC-Critical] Total loss of user Funds in claim redemption
* \#58757 \[SC-Critical] Forgotten cover in \_earmark() causes systematic over-earmarking and temporary freezing of user collateral
* \#58125 \[SC-Critical] Repayment Fee Overpayment from Pooled Collateral
* \#58443 \[SC-Critical] Incorrect Consumption of Yield Cover in redeem, Leading to Reuse of Accrued Yield
* \#58772 \[SC-Critical] \`\_resolveRepaymentFee\` overpays liquidators when collateral is gone, letting attackers drain MYT
* \#58323 \[SC-Critical] The Alchemist::burn function experiences precision loss, resulting in the avoidance of protocol fees
* \#57582 \[SC-Critical] Calling \_earmark one block apart skips the block's earmark value
* \#58689 \[SC-Critical] Incorrect deduction logic in \`AlchemistV3::redeem()\` may lead to insufficient contract collateral
* \#56702 \[SC-Critical] \`claimRedemption\` would not return all alAsset that is not get converted to MYT in some case
* \#58270 \[SC-Critical] incorrect handling of debt cover in redeem can affect early liquidation and incorrectly sync accounts
* \#57916 \[SC-Critical] Repay removes earmark, meant to be reducing debt while collateral is still reduced
* \#56491 \[SC-Critical] User Collateral Loss Triggered by setMinimumCollateralization Update
* \#57617 \[SC-Critical] Protocol-paid repayment fee transfer allows draining of protocol MYT (yield)
* \#57973 \[SC-Critical] repay doesnt set lastTransmuterTokenBalance leading to the same balance covering earmark twice
* \#58301 \[SC-Critical] Accounting Issue in Liquidation Logic After Force Repay we charge repayment fee even if collateral balanc cannot account for it
* \#58036 \[SC-Critical] Incorrect Fee Deduction May Drain Collateral Pool When Account Balance Is Insufficient
* \#57852 \[SC-Critical] Old borrowers steal from new borrowers after redemptions are claimed
* \#57066 \[SC-Critical] A malicious actor can keep calling \`poke\` at every block to prevent collateral earmarking exposing transmuter users to delayed redemptions and loss of funds
* \#58564 \[SC-Critical] Earmarked funds fail to accumulate when \_earmark is called in consecutive blocks
* \#58544 \[SC-Critical] it is possible to underflow on \`\_sync\` making positions bricked forever
* \#56365 \[SC-Critical] Liquidation Fee Overdraft Drains Pooled Collateral
* \#56622 \[SC-Critical] Repayment Fee Overpays Liquidators Using Pooled Collateral After \_forceRepay
* \#56740 \[SC-Critical] Unbounded Liquidation Fee Allows Theft of Shared Collateral
* \#57330 \[SC-Critical] \_resolveRepaymentFee returns initial fee when fee is greater collateral balance
* \#58338 \[SC-Critical] AlchemistV3 Repayment Fee Can Exceed Remaining Collateral Leading to Position Insolvency
* \#56798 \[SC-Critical] Flash-Vote Exploit Drains All Funds via AlchemistAllocator
* \#58131 \[SC-Critical] Rounding Errors in Debt-to-Collateral Conversions Allow Attackers to Drain Protocol Assets
* \#58101 \[SC-Critical] Repayment-only liquidation overpays fee from pooled collateral
* \#57101 \[SC-Critical] Same-block earmark early-exit leaves stale transmuter balance, causing under-earmarking
* \#58127 \[SC-Critical] Users can invoke the poke() function whenever the lastEarmarkDebtBlock is exactly one block behind the current block.number which lead to affecting users earmarked debt
* \#58399 \[SC-Critical] Precision Loss in badDebtRatio Calculation Causes Overpayment and DOS
* \#57138 \[SC-Critical] Protocol subsidizes repayment fees during liquidation
* \#57441 \[SC-Critical] Repay-Only Fee Drain in AlchemistV3
* \#56555 \[SC-Critical] User can avoid Bad Debt ratio scaling when claiming redeem, leading to protocol insolvency
* \#57587 \[SC-Critical] \_earmark() reduction of transmuterDifference does not always account for the full transmuter balance diff which can cause permanent earmark to accrue in Alchemist
* \#58234 \[SC-Critical] There is a problem related ot Repayment Fee Overpayment can lead to Protocol Insolvency
* \#58464 \[SC-Critical] Repayment fee paid from protocol funds when user collateral is depleted
* \#58138 \[SC-Critical] Liquidator fees could surpass the user remaining collateral resulting in protocol insolvency

</details>

<details>

<summary>High</summary>

* \#58755 \[SC-High] Users position that are synced at certain times overestimate collateralBalance of the position
* \#56571 \[SC-High] Inflated claim payouts from double-counted MYT after liquidation
* \#57036 \[SC-High] Unconditional Debt Reduction Before Protocol Fee Check in Force Repayment
* \#57041 \[SC-High] Deallocation Accounting Mismatch Between Vault and Adapter
* \#58004 \[SC-High] Protocol Insolvency from \`cumulativeEarmarked\` During \`\_forceRepay()\`
* \#58526 \[SC-High] Missing accounting update in liquidation functions leads to permanent DOS on deposits
* \#58466 \[SC-High] Liquidation Fee Payment Failure Due to Redundant wrong Collateral Check
* \#58471 \[SC-High] Accounting error in \`\_forceRepay\`/\`\_doLiquidation\` overstates TVL, enabling under-scaled redemptions and potential insolvency
* \#58474 \[SC-High] Liquidator will bypass liquidation fees affecting protocol revenue
* \#56827 \[SC-High] Missing Global Earmark Reduction in \_forceRepay
* \#57633 \[SC-High] Block-gated \_earmark() call in redeem() nullifies prefunded Transmuter cover on the first redemption of each block, leading to collateral overpayment and potential protocol insolvency
* \#57288 \[SC-High] Flawed rounding logic in TokeAutoEth deallocate function causes permanent freezing of funds
* \#57172 \[SC-High] Missing \_mytSharesDeposited Decrements in Liquidation Flows Causes Accounting Divergence
* \#58450 \[SC-High] Missing Transmuter Balance Update After Redemption Blocks Future Earmarking and Underfunds Redemptions
* \#57308 \[SC-High] AlchemistV3 does not update \`\_mytSharesDeposited\` when performing liquidation, causing global accounting and liquidation logic mismatch
* \#56402 \[SC-High] \`killSwitch\` leaves vault assets stranded and blocks withdrawals
* \#58113 \[SC-High] StargateEthPoolStrategy.realAssets return false real assets
* \#58394 \[SC-High] MEV opportunity because no slippage protection in TokeAutoEthStrategy
* \#57510 \[SC-High] Stale Locked Collateral Tracking During Price Appreciation Causes Disproportionate Redemption Losses
* \#57345 \[SC-High] Missing cumulativeEarmarked Decrement in \_forceRepay Breaks Earmarking Invariant Leading to Unfair Redemption Burden Distribution
* \#58547 \[SC-High] Mismatched Accounting and Transfer for Capped Fees
* \#58337 \[SC-High] Incorrect Handling of cumulativeEarmarked in \_forceRepay leads to inflated survival accumulator.
* \#57745 \[SC-High] Syn fails to update the rawLocked valuation leading to a loss of fund for users with rawlock > 0 when total lock become 0.
* \#58572 \[SC-High] Liquidation of account \`\`collateral\`\` doesn't subtract \`\`\_mytSharesDeposited\`\` which creates bad debt in the system and causes \`\`insolvency\`\`.
* \#58409 \[SC-High] ## \[HIGH] Arithmetic Underflow in \`MYTStrategy.sol\`'s \`deallocate()\` Check Prevents Yield Withdrawal
* \#57954 \[SC-High] Lackf of tracking of excess cover in \`\_earmark\` function leads to permanent loss of cover value and stuck user positions.
* \#57460 \[SC-High] Protocol fails to subtract fee from total locked when burning and repaying
* \#58425 \[SC-High] Missing slippage protection when depositing to TokeAuto strategies
* \#57559 \[SC-High] Missing \`\_mytSharesDeposited\` Decrement in Liquidation Paths Enables Theft of Unclaimed Yield and Protocol Insolvency
* \#58387 \[SC-High] Liquidator Fee in the \_doliquidation Function Withheld When Collateral Is Exhausted Leading to Seized Fee Trapped in Protocol
* \#57447 \[SC-High] Untracked MYT outflows inflate TVL causing liquidation suppression
* \#57148 \[SC-High] \`\_mytSharesDeposited\` variable is not correctly updated during liquidations, leading to wrong assumptions and incorrect bad debt calculation in the Transmuter.
* \#58763 \[SC-High] Accounting is broken when redeem() is bypassed due to Transmuter balance
* \#58398 \[SC-High] No Slippage Protection on Large Allocation Deposits
* \#57751 \[SC-High] There is a problem related to forced liquidation branch and this creates issue thatk cna drains protocol backing
* \#56727 \[SC-High] Underlying increase in forced repayments leads to insolvency
* \#56673 \[SC-High] Zero-cost fee farming via forced earmarked repayment
* \#58736 \[SC-High] Missing TVL Accounting in \_forceRepay and \_doLiquidation Leads to Protocol Insolvency
* \#58274 \[SC-High] Liquidation fee logic in \`\_doLiquidation\` strands liquidator rewards when balance is exhausted, freezing funds
* \#56714 \[SC-High] Accounting Invariant Violation in \_forceRepay Leads to Protocol Insolvency
* \#57730 \[SC-High] Liquidation Does Not Decrease mytSharesDeposited
* \#56363 \[SC-High] \`\_mytSharesDeposited\` not correctly updated in all cases, leading to incorrect protocol collateralization and reduced liquidation incentives
* \#56395 \[SC-High] Accounting desync in liquidation outflows leads to artificial deposit cap exhaustion and denial-of-Service on recapitalization
* \#58236 \[SC-High] Accounting mismatch: \`\_forceRepay\`/\`\_doLiquidation\` fail to decrement \`\_mytSharesDeposited\`, locking deposit capacity and overstating collateral
* \#58098 \[SC-High] There is a problem from ledger TVL sesync inliquidations cause a under-liquidation and systemic insolvency risk
* \#56824 \[SC-High] Missing update to \_mytSharesDeposited during liquidation
* \#58354 \[SC-High] \`\_forceRepay\` does not decrement \`\_mytSharesDeposited\`, causing a temporal blocking of new deposits
* \#58771 \[SC-High] Incorrect Tracking of Total Deposited Yield Tokens (\_mytSharesDeposited) in Liquidation and Force Repayment Paths
* \#56552 \[SC-High] Liquidation fee misrouting in AlchemistV3.\_doLiquidation() leads to theft of unclaimed yield (liquidator fee stranded)
* \#57530 \[SC-High] Stale TVL Accounting in Liquidations Leads to Protocol Insolvency
* \#57668 \[SC-High] Missing collateral tracking update during liquidation leads to inflated total value calculation and delayed under-collateralization protection
* \#58192 \[SC-High] TokeAutoEth Strategy Tokens Locked When AutoPool(router) Enforces maxDeposit Cap
* \#57129 \[SC-High] Missing \_mytSharesDeposited Decrement in Liquidation Functions Causes Permanent TVL Inflation
* \#58358 \[SC-High] Mismatched CollateralWeight and rawLocked Causes Incorrect Collateral Removal in Sync
* \#57941 \[SC-High] Incorrect handling of deallocate return val causes any interest gains in a strategy to become unclaimable and permanently locked
* \#58269 \[SC-High] Liquidator Fee Not Paid When Fee Equals Surplus
* \#56672 \[SC-High] Inconsistent MYT share accounting leads to under-liquidation and solvency risk
* \#57907 \[SC-High] Incorrect forced-repayment accounting allows debt forgiveness and frees locked collateral (systemic loss)
* \#57585 \[SC-High] AlchemistV3 does not properly update CDP collateralBalance when redemptions exceed \_totalLocked which enables some CDPs to over-withdraw collateral on account of others
* \#58347 \[SC-High] Accounting Drift Due to Missing \`\_mytSharesDeposited\` Decrements During Liquidation
* \#57930 \[SC-High] Allocation tracking underflow in strategy deallocation Leads to protocol insolvency
* \#56817 \[SC-High] ForceRepay doesn't decrement \_mytSharesDeposited, inflating TVL
* \#58112 \[SC-High] A malicious user can avoid getting penalized upon a Transmuter redemption by depositing and withdrawing collateral in the Alchemist
* \#58628 \[SC-High] Attackers Can Avoid Redemption Losses By Temporarily Burning and Re-Borrowing The Debt
* \#57088 \[SC-High] Unscaled collateral accounting in redeem lets users withdraw more than intended
* \#57726 \[SC-High] AlchemistV3: MYT TVL accounting drift on liquidation/forceRepay blocks deposits via depositCap (Medium — Smart contract unable to operate due to lack of token funds)
* \#58396 \[SC-High] Total locked is not cleared proportionally to the total debt, this forces the collateral weight to become incorrect and new users transmuter redeem repayment will repay more debt fo...
* \#57950 \[SC-High] Unit Mismatch in \_addDebt() Collateralization Check Allows Unbacked Debt Issuance and Protocol Insolvency
* \#57963 \[SC-High] Incorrect \_mytSharesDeposited Accounting in liquidate() Allows Theft of User Funds via Corrupted Bad Debt Ratio
* \#58070 \[SC-High] Forced-repay accounting lets borrowers erase debt without paying equivalent assets (protocol deficit / insolvency)
* \#57632 \[SC-High] Inflated TVL in \_mytSharesDeposited hides protocol insolvency
* \#57970 \[SC-High] \_forceRepay Leaves \`cumulativeEarmarked\` Stale
* \#58435 \[SC-High] Systemic Accounting Bug Leads to Protocol Insolvency
* \#57793 \[SC-High] \`cumulativeEarmarked\` variable is not updated in \`\_forceRepay\` function, breaking core internal logic and leading to user funds being stuck.
* \#57102 \[SC-High] TVL Overstatement from \_mytSharesDeposited Desync Enables Softened Liquidations & No‑Haircut Over‑Redemptions (Transmuter)
* \#58086 \[SC-High] Mis-accounting of MYT outflows inflates TVL, distorts collateralization, and can DoS deposits/liquidations
* \#58442 \[SC-High] Liquidation Breaks Core Accounting Invariant: Missing cumulativeEarmarked Update in \_forceRepay() Causes Permanent State Drift
* \#57995 \[SC-High] Missing Slippage Protection in TokeAutoUSDStrategy Allocation Function Leads to Permanent Value Loss
* \#56678 \[SC-High] Missing Internal MYT Shares Accounting in Liquidation Functions Causes Deposit Blocking and Protocol Insolvency Risk Through Inflated TVL Calculations
* \#57464 \[SC-High] Incorrect accounting in stargate strategy causes protocol insolvency and user liquidations
* \#58369 \[SC-High] Missing \_mytSharesDeposited Decrements in \_forceRepay/\_doLiquidation Leads to Smart Contract Unable to Operate Due to Lack of Token Funds
* \#57152 \[SC-High] Assets Permanently Locked Due to KillSwitch Flag
* \#58792 \[SC-High] the cumulativeEarmark does not decrease in \_forceRepay which lead to transfer more collateral from users even when all earmark debt cleared which breaks the alchemix v3 core logic
* \#58019 \[SC-High] Flawed killSwitch Implementation in MYTStrategy Leads to Permanent Loss of Funds
* \#57860 \[SC-High] Incorrect \`\_mytSharesDeposited\` accounting inflates collateral and underreports bad debt, enabling insolvency
* \#57861 \[SC-High] Missing Slippage Protection in Tokemak Autopool Allocation Functions Leads to Direct Theft of User Funds
* \#58452 \[SC-High] MYTStrategy Allocation underflow in deallocate() when allocation + profits exceed old allocation
* \#57197 \[SC-High] Incorrect \_totalLocked Reduction
* \#57604 \[SC-High] Nominal accounting mismatch in Moonwell strategies leads to permanent locking of all generated yield
* \#57212 \[SC-High] \_totalLocked is not properly decremented in the redeem function causing system insolvency.
* \#58324 \[SC-High] Incorrect Return Value in \_deallocate Function Leads to Permanent Fund Locking in MYTStrategy Implementations
* \#58363 \[SC-High] Accounting Corruption in Liquidations Due to Missing Global Counter Update
* \#57972 \[SC-High] liquidation doesn't update \_mytSharesDeposited
* \#58472 \[SC-High] Liquidator Base Fee Seized but Not Paid Due to Post‑Deduction Balance Check
* \#56815 \[SC-High] Missing \`\_mytSharesDeposited\` Decrements in Internal Outflows cause TVL Inflation & Deposit DoS
* \#56359 \[SC-High] Permanent Deposit Freeze After \_forceRepay() Misaccounts Freed Shares
* \#58615 \[SC-High] \_mytSharesDeposited didn't get updated after \_forceRepay && \_doLiquidation called
* \#58275 \[SC-High] account.rawLocked not clear even when debt is clear
* \#57725 \[SC-High] # \`AlchemistV::liquidate\` is not updating the \`\_mytSharesDeposited\` which makes it inflated and can cause deposits DoS and liquidations malfunction that may cause protocol insolvency.
* \#58794 \[SC-High] Hardcoded 0 amount as the minSharesOut to depositMax(...) function call does not provide slippage protection
* \#57506 \[SC-High] force repay don't update cumulativeEarmarked variable
* \#56936 \[SC-High] Missing \`\_mytSharesDeposited\` decrements on repay/liquidation → TVL drift, false over‑collateralization, and deposit‑cap DoS
* \#56389 \[SC-High] \`\_mytSharesDeposited\` is not updated on liquidation outflows which could lead to solvency illusion and misreported global ratios
* \#58519 \[SC-High] Double Counting of Collateral Due to \`\_mytSharesDeposited\` not being updated during liquidations
* \#57760 \[SC-High] MytStrategy.\_allocate/\_deallocate doesnt account for profit and loss
* \#56776 \[SC-High] TVL Manipulation via Missing \_mytSharesDeposited Decrement in Liquidations
* \#57553 \[SC-High] \_mytSharesDeposited is not updated in liquidations which breaks bad debt ratio/alchemistCR calculations and causes failures in bad debt handling and liquidation handling
* \#58067 \[SC-High] Asymmetric deallocation in TokeAutoEthStrategy leads to permanent WETH funds stuck in strategy
* \#58754 \[SC-High] Missing \`\_mytSharesDeposited\` decrements in \`AlchemistV3\` \`\_forceRepay\`/\`\_doLiquidation\`
* \#58177 \[SC-High] Transmuter::claimRedemption cant update \_mytSharesDeposited leading to permanent underlying value state inside Alchemist
* \#57787 \[SC-High] asset can be transferred to strategies even when the killSwitch enabled without posibility to use this funds for allocation
* \#57189 \[SC-High] AlchemistCurator contract not implement setForceDeallocatePenalty
* \#56845 \[SC-High] The deposit will be reverted because \`\_mytSharesDeposited\` references an outdated value
* \#57918 \[SC-High] Incorrect \`totalLocked\` Collateral Accounting in AlchemistV3
* \#58658 \[SC-High] cumulativeEarmarked not updated
* \#56809 \[SC-High] Vulnerable redemption survival ratio in \_sync allows theft of alTokens
* \#56442 \[SC-High] Inflated \`\_totalLocked\` because vault yield accrual would skew \`\_collateralWeight\` calculation
* \#58035 \[SC-High] killSwitch early-return in strategy causes vault-to-adapter asset leakage, mis-accounting, and deallocation DOS
* \#56956 \[SC-High] Lack of slippage control in Tokemak strategies can make MYT suffer losses on allocation
* \#58010 \[SC-High] Slippage tolerance not enforced in TokeAutoUSDStrategy
* \#56560 \[SC-High] Liquidation base fee transfer is gated by a condition that’s usually false
* \#57883 \[SC-High] \_mytSharesDeposited Updates in Liquidation Functions Leads to Critical TVL Inflation
* \#58129 \[SC-High] Missing \_mytSharesDeposited Update in \_forceRepay() Causes Accounting Inconsistency which can DOS deposit and Liquidation
* \#57544 \[SC-High] \`\_mytSharesDeposited\` is not reduced upon fee transfers to protocol
* \#58116 \[SC-High] TVL Accounting Mismatch Leading to Protocol Insolvency
* \#58260 \[SC-High] Inconsistent collateral accounting where Force-Repay/Liquidation transfer out MYT without adjusting TVL
* \#57740 \[SC-High] EulerETH strategy will have WETH locked in the strategy contract
* \#58215 \[SC-High] Funds Can Become Permanently Stuck in Adapter When Kill Switch is Enabled
* \#58346 \[SC-High] \_forceRepay() fails to decrement cumulativeEarmarked, breaking earmark invariant and skewing redemptions
* \#58196 \[SC-High] AaveV3ARBUSDCStrategy strategy will have its reward stuck in Aave USDC
* \#57369 \[SC-High] Deallocation may revert due to an underflow
* \#56516 \[SC-High] allocate assets in killSwitch mode can lead to assets stuck on contract
* \#57825 \[SC-High] Forced repay cover enables double-counted debt reduction in redeem
* \#56923 \[SC-High] Missing cumulativeEarmarked Update in \_forceRepay Causes Incorrect Debt Accounting in AlchemistV3
* \#57678 \[SC-High] Liquidation fee is deducted from user but not paid to liquidator
* \#58150 \[SC-High] Missing Slippage Protection in \`TokeAutoUSDStrategy::\_allocate\` Leads to Direct Theft of User Funds via MEV Sandwich Attacks
* \#58266 \[SC-High] Partial liquidation strands base fee due to post-seizure balance check
* \#58782 \[SC-High] Rewards earned by EulerARBUSDCStrategy will not be withdrawable from Euler pool on Arbitrum
* \#57692 \[SC-High] AlchemistV3 Liquidation Fee Loss Vulnerability
* \#58524 \[SC-High] When liquidating, there are cases where the Fee is not paid to the liquidator.
* \#56757 \[SC-High] Incorrect leftover-collateral check blocks liquidator fee payment leading broken incentives & delayed deleveraging
* \#58742 \[SC-High] Liquidators will not earn fees in some cases
* \#58759 \[SC-High] Yield Stuck in Adapter Contracts Forever
* \#58781 \[SC-High] \_totalLocked Accounting Mismatch Leading to Token Balance Deficit in AlchemistV3
* \#58780 \[SC-High] WETH Yield will be locked on AaveWETH pool on Arbitrum
* \#57680 \[SC-High] PeapodsETHStrategy unable to withdraw yield from price share increase
* \#57476 \[SC-High] \_forceRepay() fails to decrement global cumulativeEarmarked
* \#58522 \[SC-High] Earmark consumes excess cover, inflating cumulativeEarmarked
* \#56975 \[SC-High] Liquidation Fee Trapping in AlchemistV3
* \#58383 \[SC-High] Due to \`cumulativeEarmarked\` not being updated in \`Alchemix::\_forceRepay\` user funds are locked longer due to slower debt decay and Calculation of System Collaterization Rate is Inc...
* \#58769 \[SC-High] \`\_forceRepay\` fails to decrement global \`cumulativeEarmarked\`, causing redemption accounting desynchronization and potential protocol-wide redemption halt
* \#58799 \[SC-High] \`\_forceRepay\` does not reduce \`cumulativeEarmarked\` which leads to wrong accounting: users debts are incorrectly higher which can cause wrongful liquidations
* \#57704 \[SC-High] Missing Global State Update in \_forceRepay Leads to Permanent Freezing of Unclaimed Yield
* \#57023 \[SC-High] Global earmark not reduced in \_forceRepay lets redeem() over-burn global debt (cross-account leakage, protocol insolvency)
* \#58635 \[SC-High] \`\`cumulativeEarmarked\`\` is not subtracted in \`\`\_forceRepay()\`\`.
* \#57532 \[SC-High] Assets are not accounted for when the contract is in killSwitch mode
* \#57849 \[SC-High] Funds gets stuck even when killswitch is enabled
* \#58723 \[SC-High] \`cumulativeEarmarked\` is not updated at \`\_forceRepay\`
* \#58534 \[SC-High] Zero Slippage Protection in Toke strategies Allocation
* \#58702 \[SC-High] No slippage provided in Auto strategy implementation will open room for MEV attacks
* \#56902 \[SC-High] Strategy Adapter \`AaveV3OPUSDCStrategy\` would not work well with aToken rebasing mechanism
* \#58287 \[SC-High] \_mytSharesDeposited is not updated on some token transfer
* \#58768 \[SC-High] \`\_mytSharesDeposited is not updated during liquidations, breaking core accounting
* \#56791 \[SC-High] Missing \`\_mytSharesDeposited\` Decrements in Token Transfers
* \#58207 \[SC-High] AlchemistV3 \_mytSharesDeposited Not Reduced When Repaid Collateral Sent to Transmuter
* \#57378 \[SC-High] Impossible to withdraw yield from strategies
* \#58530 \[SC-High] Protocol insolvency via stale \`\_totalLocked\`: zeroed \`\_totalLocked\` prevents \`\_collateralWeight\` update in \`redeem()\` leading to missed collateral haircut
* \#58061 \[SC-High] Incorrect collateral and fee Check in \_doLiquidation Allows Liquidator to loose fee.
* \#57196 \[SC-High] Artificially inflated \`\_mytSharesDeposited\` in \`AlchemixV3.sol\` deflates bad debt ratio in \`Transmuter.sol\`
* \#58502 \[SC-High] Deposit cap denial of service due to stale \_mytSharesDeposited during liquidation
* \#58491 \[SC-High] \_mytSharesDeposited Not Reduced on Liquidation, leading to Deposit Cap Bypass and potential insovency
* \#56628 \[SC-High] \`\_liquidate\` does not update \`\_mytSharesDeposited\` that is reduced by fees
* \#58395 \[SC-High] Repayment fee exit leaves \`\_mytSharesDeposited\` inflated, hiding protocol insolvency
* \#57533 \[SC-High] Inaccurate TVL Calculation Prevents Liquidations, Leading to Protocol Insolvency Risk
* \#58606 \[SC-High] Missing collateral accounting in liquidation leads to inflated bad debt calculations
* \#56545 \[SC-High] Force Repayment Leaves Stale Global Earmarks, Freezing Transmuter Redemptions
* \#56719 \[SC-High] The function \_forcerepay reduces debt before clamp, creating unbacked loan forgiveness and protocol insolvency
* \#57977 \[SC-High] Inconsistent rawLocked State of a user after subdebt Leads to Irrecoverable User Collateral Loss

</details>

<details>

<summary>Medium</summary>

* \#56751 \[SC-Medium] StargateEthPoolStrategy deallocate function redeem less weth than expected
* \#56692 \[SC-Medium] \`ZeroXSwapVerifier\` verification will always revert due to wrong hardcoded execution function selectors
* \#57096 \[SC-Medium] The implementation of TokeAutoEth::\_allocate is incorrect
* \#56839 \[SC-Medium] Moonwell Strategies Fail to Check Compound Error Codes Causing Silent Allocation Failures
* \#57311 \[SC-Medium] Moonwell allocation and deallocation can fail silently, causing incorrect state updates and loss of yield
* \#57331 \[SC-Medium] Conditional ETH Wrapping Logic Causes Withdrawal DoS in MoonwellWETH and StargateETH Strategies
* \#58741 \[SC-Medium] Action function signatures to 0x Settler are wrong
* \#58231 \[SC-Medium] Attacker can stop protocol from allocating assets to the AutoETH vaults
* \#57167 \[SC-Medium] Missing \`claim\` Function in Euler and Morpho strategies Leads to Loss of Yield Rewards
* \#58273 \[SC-Medium] Incorrect Hardcoded 0x Settler Function Selectors
* \#56859 \[SC-Medium] LP/underlying mismatch in \`StargateEthPoolStrategy::\_deallocate\` causes withdrawal DoS
* \#58336 \[SC-Medium] Additive Update to Survival Accumulator Causing Overflow
* \#58707 \[SC-Medium] Moonwell strategy \_allocate() does not revert when mint fails which can result in a sudden drop in Myt share price and consequently sever under-collateralization
* \#56873 \[SC-Medium] Incorrect ETH Wrapping Condition in MoonwellWETHStrategy.\_deallocate() Leads to Temporary Freezing of Funds
* \#56522 \[SC-Medium] \`TokeAutoUSDStrategy::\_allocate()\` and \`TokeAutoEthStrategy::\_allocate()\` may suffer a denial-of-service (DoS) due to token amount mismatch in \`AutopilotRouter::depositMax()\`
* \#58456 \[SC-Medium] Account Can Enter Unliquidatable State with Residual Debt
* \#58645 \[SC-Medium] Incorrect WETH Wrapping Amount in \`MoonwellWETHStrategy.\_deallocate()\` Wraps \`ethRedeemed\` Instead of \`amount\`
* \#57957 \[SC-Medium] Loss of EulerETH vault yields for Euler WETH Strategy
* \#57788 \[SC-Medium] Missing \`\_claimRewards()\` Implementation in AaveV3ARBUSDCStrategy Leads to Permanent Loss of Aave Incentive Rewards
* \#58203 \[SC-Medium] Moonwell Strategies Silent Failure Due to Unchecked mint() and redeemUnderlying() Return Values
* \#56855 \[SC-Medium] Liquidations Fail With Arithmetic Underflow When Forced Repayment Exhausts Collateral
* \#58093 \[SC-Medium] MORPHO reward in \`MorphoYearnOGWETH\` will be lost or stuck
* \#58006 \[SC-Medium] \`MoonwellUSDCStrategy.\_allocate\` ignores Compound-style mint failures and corrupts vault accounting
* \#58773 \[SC-Medium] In Stargate Incorrect Allocation Cap Accounting Leading to Unnecessary DoS
* \#58449 \[SC-Medium] TokeAutoEth Strategy Balance-Approval Mismatch DOS
* \#57867 \[SC-Medium] ZeroXSwapVerifier erroneously rejects Uniswap v3 swaps due to an an incorrect selector
* \#58605 \[SC-Medium] Missing \_claimRewards in AaveV3ARBUSDCStrategy leads to permanent freezing of accrued Aave incentives
* \#57752 \[SC-Medium] Aave and Euler incentives for MYT will be lost due to unimplemented \`\_claimRewards\` function
* \#58081 \[SC-Medium] Missing check in function \`AlchemistV3::setMinimumCollateralization\` could lead to set \`minimumCollateralization > globalMinimumCollateralization\`.
* \#58291 \[SC-Medium] Unlike setters collateralization functions, AlchemistV3::initialize doesnt enforce collateralization invariants allowing to break them
* \#58168 \[SC-Medium] Safe Position Liquidation Vulnerability in AlchemistV3 When minimumCollateralization Equals collateralizationLowerBound
* \#58616 \[SC-Medium] Liquidation can revert due to 0 amount fee withdraw
* \#56800 \[SC-Medium] Minimum collateral change lets liquidators seize compliant accounts
* \#57335 \[SC-Medium] Zero min-out ERC-4626 deposits cause under-mint and permanent allocation loss
* \#58728 \[SC-Medium] When the strategy is at a loss, the assets cannot be withdrawn
* \#57511 \[SC-Medium] Protocol could atleast be taking a part of the protocol fee
* \#58611 \[SC-Medium] Double-counting of earmarked debt repayments as cover leads to user funds being stuck and protocol insolvency.
* \#58515 \[SC-Medium] A liquidated position can end the liquidation process still below \`collateralizationLowerBound\`, allowing for double liquidation of positions.
* \#57272 \[SC-Medium] Silent Failures on Moonwell Deposit are not catched by strategy
* \#58787 \[SC-Medium] When allocation amount is greater than the maxDeposit of TokeAutoETh.sol, the remaining is stuck in TokeAutoEth.sol
* \#58087 \[SC-Medium] MoonwellUSDCStrategy ignores redeemUnderlying error codes → temporary freezing of funds (withdrawals revert)
* \#58730 \[SC-Medium] An attacker can prevent any TokenAuto strategy allocation by making a donation to the vault of as little as 1 wei of underlying token
* \#58181 \[SC-Medium] A griefer can cause a permanent DoS in TokeAutoETH/TokeAutoUSDCStrategy::allocate.
* \#56775 \[SC-Medium] Permanent freezing of funds from precision/dust + strict deallocation check
* \#58209 \[SC-Medium] Lack of Slippage Protection in Transmuter.claimRedemption and AlchemistV3.withdraw Leads to User Yield Losses
* \#56878 \[SC-Medium] The permissionedCalls check can be bypass
* \#57017 \[SC-Medium] \`AaveV3ARBWETHStrategy\`cant claim AAVE incentive
* \#57770 \[SC-Medium] Admin Can Bypass \`permissionedCalls\` Protection Using Multicall
* \#58751 \[SC-Medium] \`setMinimumCollateralization\` allows for increasing the current \`minimumCollateralization\` , instantly exposing users to risk of liquidation
* \#58185 \[SC-Medium] Incorrect \_survivalAccumulator accounting logic after \_earmarkWeight reaches 128 breaks core system invariants and can lead to protocol insolvency
* \#56706 \[SC-Medium] StargateEthPoolStrategy Incomplete ETH Wrapping Causes Withdrawal DoS
* \#57526 \[SC-Medium] \`StargateEthPoolStrategy\` rounding mismatch freezes \`VaultV2\` allocations
* \#57565 \[SC-Medium] The amount of dust will be permanently locked in \`StargateEthPoolStrategy\`
* \#58022 \[SC-Medium] Accounting Mismatch and Fund Stuck Due to Dust ETH on StargateEthPoolStrategy
* \#58427 \[SC-Medium] \`StargateEthPoolStrategy::\_allocate()\` and \`\_deallocate()\` Inconsistent Dust Handling Causes ETH to be Permanently Locked in Strategy Contract
* \#58105 \[SC-Medium] ZeroXSwapVerifier decodes execute payload with wrong ABI (bytes vs bytes\[]) → temporary freezing of funds
* \#57183 \[SC-Medium] Missing Incentive Rewards Claiming in Multiple Strategy Contracts
* \#57812 \[SC-Medium] No function to claim Aave Incentives
* \#58239 \[SC-Medium] Missing Aave incentives rewards claiming mechanism leads to permanent loss of protocol royalties
* \#58130 \[SC-Medium] Asymmetric Validation in Collateralization Setters Allows Protocol Misconfiguration Breaking All Borrowing
* \#58080 \[SC-Medium] Aave V3 strategies fail to claim OP/ARB liquidity mining rewards, causing permanent loss of yield
* \#56927 \[SC-Medium] setMinimumCollateralization function also needs a another check
* \#56982 \[SC-Medium] Incorrect function selectors used in ZeroXSwapVerifier
* \#58722 \[SC-Medium] TokenAuto strategy allocation uses maxDeposit which may allocate less than requested, leaving any excess funds permanently locked
* \#58115 \[SC-Medium] Incorrect WETH deposit amount prevents deposited ETH through \`receive\` function to cover strategy loss.
* \#58639 \[SC-Medium] \`\`Off by One\`\` issue in the \`\`\_forceRepay()\`\` function causes protocol to lose funds in the form of \`\`protocol fee\`\`.
* \#58403 \[SC-Medium] Missing Checks for Transaction Return Values in Moonwell Strategies
* \#57227 \[SC-Medium] Unchecked Return Codes in MoonwellUSDCStrategy Leading to Stuck Funds
* \#56960 \[SC-Medium] Missing Slippage Protection During Redemption Execution, lead to loss of token for user.
* \#58492 \[SC-Medium] Unbounded Deposit Exposure in TokeAutoEthStrategy::\_allocate()
* \#58313 \[SC-Medium] Incorrect allocation accounting and dust handling in \`StargateEthPoolStrategy\` causes systematic loss, cap mis-accounting, and deallocation reverts
* \#57646 \[SC-Medium] ABI Signature Mismatch in ZeroXSwapVerifier Causes Complete Failure to Verify Legitimate 0x Settler Transactions
* \#57483 \[SC-Medium] Fees could be skipped when there is not enough collateral
* \#57771 \[SC-Medium] Fee not collected in \_forceRepay when should
* \#58718 \[SC-Medium] In \_forceRepay Protocol Fee Collection Leads to Theft of Unclaimed Yield
* \#56846 \[SC-Medium] Liquidation will return because of insufficient funds
* \#56737 \[SC-Medium] The return value of mint is not checked
* \#58334 \[SC-Medium] Incorrect Function Selectors
* \#58033 \[SC-Medium] Unimplemented \`\_claimRewards()\` Function Results in Permanent Freezing of Aave Incentive Rewards
* \#57545 \[SC-Medium] Stargate ETH Strategy Rounding Bug

</details>

<details>

<summary>Low</summary>

* \#57964 \[SC-Low] Improper validation of absoluteCap and relativeCap enables excessive fund allocation in AlchemistAllocator.
* \#56893 \[SC-Low] Pending admin cannot accept ownership in AlchemistCurator
* \#58642 \[SC-Low] Cap Bypass in \`AlchemistAllocator.deallocate()\` Allows Over-Deallocation Beyond Computed Limits
* \#58051 \[SC-Low] Incorrect Access Control in acceptAdminOwnership()
* \#58666 \[SC-Low] Recipient/owner not enforced in action verifiers enables theft of swap proceeds
* \#56383 \[SC-Low] The \`AlchemistCurator::acceptAdminOwnership\` can't be called by the pending admin and if the function is called without pending admin the admin rigths will be lost
* \#57546 \[SC-Low] \`MoonwellUSDCStrategy\` fail to claim its reward from Moonwell Comptroller
* \#57473 \[SC-Low] Inverted Comparison Operator Allows Operators Admin-Level Allocation Privileges
* \#56947 \[SC-Low] Flawed Access Control in AlchemistCurator Admin Transfer Pattern Leads to Risk of Permanent Loss of Control
* \#57862 \[SC-Low] Incorrect \`balanceBefore\` reading order in \`MorphoYearnOGWETHStrategy::\_deallocate\` function leads to wrong event emission
* \#57983 \[SC-Low] Direct Asset Drain via \`ZeroXSwapVerifier\` Bypass and \`MYTStrategy\` Unlimited \`Permit2\` Approvals
* \#58512 \[SC-Low] MYTStrategy \`isValidSignature\` is implemented wrong and will not work
* \#56517 \[SC-Low] ZeroXSwapVerifier validates struct but executes external actions, enabling direct fund theft
* \#58462 \[SC-Low] Incorrect post-withdraw balance measurement causes false loss reporting and mis-accounting in \`MorphoYearnOGWETHStrategy.\_deallocate\`
* \#58424 \[SC-Low] MorphoYearnOGWETH Strategy - Balance Check Order Bug
* \#58672 \[SC-Low] Incorrect Balance Check Sequence
* \#56633 \[SC-Low] Access Control Flaw in acceptAdminOwnership() Prevents Secure Admin Transfer Leading to Potential Permanent Loss of Curator Control
* \#58190 \[SC-Low] Operator Has No Allocation Restrictions in \[\`AlchemistAllocator\`]\(<https://github.com/alchemix-finance/v3-poc/blob/a192ab313c81ba3ab621d9ca1ee000110fbdd1e9/src/AlchemistAllocator.sol#>...
* \#58310 \[SC-Low] Strategy \`FluidARBUSDCStrategy\` cant claim fluid token reward
* \#56882 \[SC-Low] Missing Cap Enforcement in AlchemistAllocator Allows Operators to Bypass Risk Controls
* \#58120 \[SC-Low] Incorrect balance measurement in MorphoYearnOGWETH strategy leads to incorrect deallocation loss registering
* \#58590 \[SC-Low] Incorrect balance-read ordering in MorphoYearnOGWETHStrategy.\_deallocate
* \#58579 \[SC-Low] Inconsistent Admin Management Implementation in AlchemistCurator.sol
* \#58749 \[SC-Low] Incorrect balance snapshot
* \#58078 \[SC-Low] Access Control Bypass in ZeroXSwapVerifier - Missing Owner Validation
* \#57625 \[SC-Low] Incorrect Cover Accounting in \_earmark Leads to Earmarking Failure and Value Leakage
* \#58400 \[SC-Low] Alchemist allocator does not actually enforce caps
* \#58607 \[SC-Low] Incorrect access control in admin ownership transfer allows only current admin to accept ownership instead of pending admin
* \#57599 \[SC-Low] Protocol wrongly withdraws before checking balance of withdraw
* \#57079 \[SC-Low] \[H-1] MorphoYearnOGWETH Strategy: Incorrect Balance Measurement Order in \_deallocate() Causes DoS on Withdrawals with Any Loss
* \#57514 \[SC-Low] Calldata verification bypass in 0x preflight logic enables arbitrary from/recipient manipulation and direct fund theft
* \#58648 \[SC-Low] Incorrect wethBalanceBefore read causes broken loss detection in deallocation
* \#57534 \[SC-Low] Small debt positions cannot be liquidated due to zero amount checks on token vaults
* \#58345 \[SC-Low] Operators in \`AlchemistAllocator.sol\` can allocate higher than DAO defined limits
* \#57621 \[SC-Low] Improper reward claiming in TokeAutoEthStrategy sends TOKE tokens to wrong address causing permanent freezing of unclaimed yield
* \#58709 \[SC-Low] Naive 0x fill parsing lets attackers spoof token and amount checks
* \#58362 \[SC-Low] Users will lose TokeMak rewards earned in TokeAutoEthStrategy
* \#57127 \[SC-Low] Pending admin should call the function instead of admin
* \#58480 \[SC-Low] Missing recipient and token binding in verifySwapCalldata leads to unauthorized fund transfers
* \#58516 \[SC-Low] Inverted Min/Max Logic in AlchemistAllocator Operator Cap Calculation
* \#58604 \[SC-Low] Verification bypass in \`\_verifyExecuteMetaTxnCalldata\` enables arbitrary 0x actions to pass checks and execute in the \`ZeroXSwapVerifier.sol\` contract
* \#56343 \[SC-Low] MorphoYearnOGWETH \_deallocate function always emits StrategyDeallocationLoss due to flawed balance measurement
* \#58497 \[SC-Low] The amount of WETH redeemed is not calculated properly in MorphoYearnOGWETH
* \#58329 \[SC-Low] Incorrect Balance Measurement in \`MorphoYearnOGWETH.\_deallocate()\` Leads to Temporary Freezing of Funds via Spurious Loss Events
* \#58778 \[SC-Low] ZeroXSwapVerifier implements incorrect data extraction logic enabling verification bypass in future strategy integrations
* \#58348 \[SC-Low] ZeroXSwapVerifier accepts malicious 0x calldata (recipient not bound, minOut ignored, transferFrom misused) -> attacker can route strategy/vault funds to self (Direct theft)
* \#58416 \[SC-Low] Unclaimed Extra Rewards in Tokemak Integration Lead to Permanent Freezing of Yield
* \#58422 \[SC-Low] MorphoYearn OG WETH strategy always emits deallocation-loss event due to zero delta calculation
* \#57746 \[SC-Low] Broken contract ownership logic at AlchemistV3.sol
* \#58143 \[SC-Low] Unused Cap Enforcement Variables (adjusted)
* \#56836 \[SC-Low] Ownership Transfer Failure in [\`AlchemistCurator\`](https://github.com/alchemix-finance/v3-poc/blob/immunefi_audit/src/AlchemistCurator.sol) Prevents Future DAO Governance or Recovery
* \#57975 \[SC-Low] Broken admin rotation in acceptAdminOwnership() causes permanent governance lockout
* \#56625 \[SC-Low] Broken ownership transfer logic in AlchemistCurator permanently freezes contract operations
* \#57989 \[SC-Low] Broken isValidSignature leads to fund freezing
* \#58088 \[SC-Low] Inadequate enforcement of global cap enables cumulative over‑allocation
* \#58089 \[SC-Low] Arithmetic underflow revert in \`\_deallocate\`
* \#57837 \[SC-Low] \`MoonwellWETHStrategy\` cant claim reward from Moonwell Comptroller
* \#58002 \[SC-Low] Missing submitRemoveStrategy Function
* \#58149 \[SC-Low] MorphoYearnOGWETH incorrectly reports loss and triggers StrategyDeallocationLoss event
* \#57169 \[SC-Low] ZeroXSwapVerifier Policy Bypass via RFQ fillData Prefix (Token & Amount Spoof)
* \#58636 \[SC-Low] Broken Two-Step Admin Transfer Prevents Legitimate Admin Succession in AlchemistCurator
* \#58189 \[SC-Low] Two-step mechanism to transfer ownership is broken due to incorrect access control
* \#58259 \[SC-Low] Broken operator logic inside AlchemistCurator
* \#58386 \[SC-Low] Rewards claimed during deallocation remain stranded on strategy and unaccounted
* \#57665 \[SC-Low] Incorrect Balance Measurement in \`\_deallocate\` function of \`MorphoYearnOGWETHStrategy\`
* \#57697 \[SC-Low] Missing Recipient & \`from\` Checks in ZeroXSwapVerifier Enable Direct Asset Theft
* \#57866 \[SC-Low] Failure to verify the recipient's address can result in the theft of purchased tokens
* \#58578 \[SC-Low] ZeroXSwapVerifier allows attackers to drain strategy tokens via crafted calldata
* \#58575 \[SC-Low] Operator Limit Bypass
* \#58506 \[SC-Low] Adjusted Cap Limits Are Never Enforced
* \#58797 \[SC-Low] The \`TokeAuto\` strategies implementation does not accurately report the actual assets held by the strategy
* \#58796 \[SC-Low] Incorrect balance snapshot in \_deallocate() causes wethRedeemed always = 0
* \#57749 \[SC-Low] ZeroXSwapVerifier misses critical sender/recipient/minOut validations, allowing malicious 0x calldata to drain funds (Critical — Direct theft)
* \#57090 \[SC-Low] Ownership Transfer Failure in [\`AlchemistCurator\`](https://github.com/alchemix-finance/v3-poc/blob/immunefi_audit/src/AlchemistCurator.sol) Prevents Future DAO Governance or Recovery
* \#56583 \[SC-Low] Wrong 2 step transferAdminOwnerShip logic and insufficient checks in AlchemistCurator.sol leads to permanent admin ownership loss
* \#58257 \[SC-Low] In TokeAutoETH deallocate can be DOSed if the vault incuring losses
* \#56830 \[SC-Low] Broken admin Ownership transfer Logic, acceptAdminOwnership() requires current admin instead of pending Admin, Blocking Role Claim.
* \#58513 \[SC-Low] Broken Access Control in AlchemistCurator.acceptAdminOwnership() Prevents Admin Transfer
* \#56911 \[SC-Low] Incorrectly implemented two-step admin ownership transfer mechanism prevents new admin to accept role
* \#57328 \[SC-Low] Once \`tokeLockDuration\` is the opposite of zero in \`TokeAutoEthStrategy\`, accumulated rewards in \`accToke\` can be stuck
* \#57316 \[SC-Low] Allocation Cap Enforcement Missing & DeadCode
* \#56582 \[SC-Low] AlchemistCurator::removeStrategy is unable to remove strategies from vaults due to wrong logic implementation
* \#56832 \[SC-Low] AlchemistCurator contract doesn't allow to remove strategies from the MYT morpho V2 vault.
* \#57806 \[SC-Low] Staking Graph argument bounds are incorrectly defined
* \#58393 \[SC-Low] Wrong order in balance querying instructions in MorphoYearnOGWETHStrategy::\_deallocate function leads to always emit StrategyDeallocationLoss event
* \#58352 \[SC-Low] Assets Become Permanently Stuck in TokeAutoEth Strategy Due to Strict Balance Check
* \#58542 \[SC-Low] \[Low] Logic Error in MorphoYearnOGWETHStrategy.\_deallocate(): \`wethRedeemed\` Always Zero → All Deallocations Emit \`StrategyDeallocationLoss\`
* \#58357 \[SC-Low] Permanent Freezing of TokeAutoEth strategy rewards in MYT Vault
* \#57057 \[SC-Low] Wrong order of balance checks in MorphoYearnOGWETHStrategy
* \#57251 \[SC-Low] Curator Cannot Remove Adapter Due to Timelock Requirement
* \#56887 \[SC-Low] Incorrect balance tracking in MorphoYearnOGWETHStrategy \_deallocate function leads to wrong loss event emission(Resend))
* \#56324 \[SC-Low] Missing \`\`\`from==owner \`\`\`check in transferFrom verifier → direct theft of user funds
* \#58743 \[SC-Low] ZeroXSwapVerifier Recipient Validation Bypass
* \#57114 \[SC-Low] Inherited \`setAdmin\` function allows to bypass two-step admin ownership transfer mechanism
* \#58198 \[SC-Low] Broken Two-Step Admin Transfer Pattern
* \#56418 \[SC-Low] Two step owner transfer is broken and can lead to unforseen damages
* \#57622 \[SC-Low] Lack of claimed reward handling in MYT strategies will keep all external token rewards stuck forever
* \#56465 \[SC-Low] \`getTotalDeposited\` doesn't reflect the correct total deposited
* \#57439 \[SC-Low] Incorrect \`badDebtRatio\` rounding in \`Transmuter::claimRedemption()\` may cause funds to become permanently stuck
* \#58210 \[SC-Low] Incorrect balance measurement in deallocation disables loss detection in MorphoYearnOGWETH.
* \#58423 \[SC-Low] Pending Admin Cannot Accept Ownership Transfer in \`AlchemistCurator\`
* \#58249 \[SC-Low] Broken Two-Step Admin Handover in AlchemistCurator
* \#57394 \[SC-Low] \`acceptAdminOwnership()\` only allows the current admin to finalise transfers
* \#58124 \[SC-Low] Direct Theft of Funds via Malicious actions\[] in execute() Call Due to Incorrect Calldata Verification
* \#58627 \[SC-Low] Incorrect delta calculation in \_deallocate() causes wethRedeemed to always be zero.
* \#56498 \[SC-Low] Reserve Drainage Due to Incorrect Balance Measurement
* \#58322 \[SC-Low] Incorrect Emit Due to Wrong Ordering of wethBalanceBefore Calculation
* \#58360 \[SC-Low] Round-down calculation in \`convertToShares()\` leads to deallocation failure in TokeAutoEth strategy
* \#58408 \[SC-Low] Underflow account.rawLocked on \_subDebt due to rounding inconsistency
* \#58410 \[SC-Low] Tokemak Strategy Deallocation Causes TOKE Token Lockup
* \#58419 \[SC-Low] AlchemistCurator two-step ownership transfer mis-implemented
* \#58469 \[SC-Low] Pending Admin Cannot Accept Ownership
* \#56689 \[SC-Low] Reward token TOKE is stuck in MYT
* \#58555 \[SC-Low] \`AlchemistCurator\` 2-step ownership transfer is implemented incorrectly
* \#58428 \[SC-Low] TOKE reward loss when calling deallocate
* \#58376 \[SC-Low] claimRewards() function permanently locks earned Toke reward token on Morpho VaultV2
* \#58527 \[SC-Low] Complete loss of all reward value on TokeAutoEthStrategy \_claimRewards
* \#56451 \[SC-Low] \`AlchemistAllocator::allocate()\` and \`deallocate()\` do not enforce cap checks as intended
* \#57644 \[SC-Low] Unenforced cap logic in AlchemistAllocator allows not controlled allocations
* \#58325 \[SC-Low] Operator Can Shift vault Funds to Risky Strategies Without Oversight, leading to potential loss of user funds.
* \#58714 \[SC-Low] Pending Admin cannot accept Ownership in \`AlchemistCurator.sol\`
* \#58734 \[SC-Low] Broken strategy realAssets calculation
* \#56983 \[SC-Low] Tokemak rewards sent to MYT vault contract (not strategy) -> rewards stranded
* \#58056 \[SC-Low] The Auto ETH and USDC staking rewards will stuck in vault
* \#57067 \[SC-Low] Overstated Per-Account Locked Collateral Due to Global Clamp in \_subDebt
* \#56332 \[SC-Low] Pending Admin Cannot Accept Ownership
* \#57479 \[SC-Low] Logical bug in \`AlchemistCurator::acceptAdminOwnership\`, asking to current admin to accept ownership.
* \#58007 \[SC-Low] \`pendingAdmin\` cannot call \`acceptAdminOwnership()\` to accept admin role
* \#58333 \[SC-Low] Incorrect onlyAdmin Modifier in acceptAdminOwnership
* \#57024 \[SC-Low] \`wethBalanceBefore\` is computed after withdrawal in \`\_deallocate\` function in MorphoYearnOGWETHStrategy contract, leading to systematic StrategyDeallocationLoss event emission.
* \#56909 \[SC-Low] Incorrect balance snapshot in strategy deallocation causes false loss events and masks real shortfalls
* \#56529 \[SC-Low] Incorrect token balance calculation in MorphoYearnOGWETHStrategy.sol::\_deallocate() leads to wrong event emitted every time
* \#57926 \[SC-Low] The conditional 'StrategyDeallocationLoss' event in \`MorphoYearnOGWETHStrategy::\_deallocate\` gets logged all the time due a misplacement in variable declaration
* \#56961 \[SC-Low] Incorrect balance snapshot check in \`\_deallocate()\` logs false deallocation loss in MorphoYearnOGWETH strategy
* \#56962 \[SC-Low] Balance Check Logic Error in \_deallocate() Function Leads to Broken Loss Detection and False Event Emissions
* \#57777 \[SC-Low] ZeroX swap verifier bypass enables direct theft of user funds
* \#58079 \[SC-Low] Missing from validation in ZeroXSwapVerifier.verifySwapCalldata() enables direct theft of approved funds
* \#58289 \[SC-Low] Missing addresses Verification in ZeroXSwapVerifier
* \#57516 \[SC-Low] Arbitrary External Call in ZeroXSwapVerifier Leads to Theft of Unclaimed Yield
* \#58418 \[SC-Low] \`verifySwapCalldata\` cant verify the output token of the swap
* \#58705 \[SC-Low] Mismatch between emitted protocol fee and actual fee paid in \_forceRepay due to strict inequality check
* \#58040 \[SC-Low] removeStrategy() is Non-Functional
* \#57346 \[SC-Low] AlchemistAllocator Compares Incompatible Units (Asset Wei vs WAD Percentage)
* \#57982 \[SC-Low] Permanently stuck rewards in the Vault
* \#58473 \[SC-Low] Wrong redeemed amount calculation in MorphoYearnOGWETH strategy
* \#58110 \[SC-Low] MorphoYearnOGWETHStrategy will always report strategy loss
* \#57637 \[SC-Low] acceptAdminOwnership doesn't allow expected user approval
* \#56709 \[SC-Low] ZeroXSwapVerifier Missing Source Validation
* \#58133 \[SC-Low] TOKE Rewards Permanently Locked in Strategy adapter
* \#58488 \[SC-Low] TokeAutoUSDStrategy claims rewards to itself automatically when deallocate is called but since reward token is Tokemak the rewards remain permanently locked
* \#58520 \[SC-Low] Pending admin cannot accept ownership
* \#57123 \[SC-Low] Incorrect 2 step ownership in AlchemistCurator
* \#56602 \[SC-Low] Function takes incorrect modifier
* \#58077 \[SC-Low] Reward tokens are incorrectly claimed to strategy contract during deallocation leads to permanent token loss
* \#58244 \[SC-Low] Incorrect balance check order in \`MorphoYearnOGWETH\` strategy leads to false deallocation loss events

</details>

<details>

<summary>Insight</summary>

* \#56494 \[SC-Insight] Gas Optimization: Redundant External Calls in Strategy \_deallocate Functions
* \#58667 \[SC-Insight] Permit2 is approved the wrong asset which leads to loss of funds or failing swaps
* \#58719 \[SC-Insight] \[INSIGHT] Gas Optimization: Save gas by using the cached fee amount in burn() and repay() in \`Alchemist.sol\`
* \#56336 \[SC-Insight] \`StargateEthPoolStrategy::\_deallocate\` would emit false deallocating loss event in some cases
* \#58739 \[SC-Insight] Decimals mismatch causes 1e12 under-reporting in strategy returns, letting allocations silently exceed per-strategy and global caps
* \#56346 \[SC-Insight] Redundant calculation of feeAmount in repay function
* \#57448 \[SC-Insight] Unnecessary computation of lockedCollateral in \`\_addDebt()\` and \`\_subDebt()\`
* \#58094 \[SC-Insight] AutopoolETH vault slippage during LP token liquidation leads to temporary fund freezing
* \#57522 \[SC-Insight] useCurrent flag ignored in preview functions in Moonwell strategies
* \#58326 \[SC-Insight] The value of the burned Peapods share token may exceed expectations
* \#56368 \[SC-Insight] \`AlchemistTokenVault::deposit()\` should use \`safeTransferFrom()\` instead of \`transferFrom()\`; \`AlchemistTokenVault::withdraw()\` should use \`safeTransfer()\` instead of \`transfer()\`
* \#56621 \[SC-Insight] Broken withdrawal logic in AaveV3ARBUSDCStrategy permanently locks user funds
* \#56806 \[SC-Insight] Broken withdrawal logic in AaveV3ARBWETHStrategy permanently locks user funds
* \#57969 \[SC-Insight] Lack of incentive to liquidate small positions can cause the system to accumulate bad debt
* \#56348 \[SC-Insight] Incorrect APY calculation in MYTStrategy::\_approxAPY() causes underreported yields
* \#58762 \[SC-Insight] Manipulation of \`feeInUnderlying\` through front-running during liquidations on Ethereum
* \#56658 \[SC-Insight] Transmuter's tokenURI does not revert for nonexistent tokenIds
* \#57816 \[SC-Insight] Critical Incentive Failure in calculateLiquidation Leads to Protocol Insolvency Risk During Global Bad Debt
* \#56528 \[SC-Insight] Unbounded \`slippageBPS\` Can Freeze Withdrawals
* \#56326 \[SC-Insight] Variable could be immutable
* \#56350 \[SC-Insight] Implementation contract AlchemistV3 not locked (\_disableInitializers() missing)
* \#56462 \[SC-Insight] Unused Mapping Causes Unnecessary Storage Gas Consumption
* \#58076 \[SC-Insight] Fix unit mismatch in \_doLiquidation: collateralInUnderlying -> collateralInDebt
* \#58735 \[SC-Insight] \`\`calculateLiquidation\`\` reverts due to divide by \`\`ZERO\`\` if \`\`targetCollateralization = FIXED\_POINT\_SCALAR\`\`
* \#57563 \[SC-Insight] Reward tokens being permanently frozen in TokeAutoUSDStrategy
* \#56328 \[SC-Insight] Redundant require statement in EulerUSDCStrategy \_deallocate function leads to unnecessary gas consumption
* \#56801 \[SC-Insight] Function burn could be gas optimized
* \#56406 \[SC-Insight] \`getEstimatedYield\` never updates after snapshots
* \#56730 \[SC-Insight] Transmuter \`tokenURI()\` is not EIP-721 compliance
* \#58552 \[SC-Insight] Single transfer instead of multiple saves gas
* \#57791 \[SC-Insight] Receipt Token Misconfiguration in Aave Strategies
* \#56572 \[SC-Insight] Aave V3 lending pool is immutable in Aave strategies
* \#56949 \[SC-Insight] Uncapped collateral transfer in redemption leads to accounting discrepancy enabling theft of user funds
* \#58703 \[SC-Insight] Cached interest rate calculation in PeapodsETH strategy leads to inaccurate APR/APY estimates
* \#58146 \[SC-Insight] Whitelist can be disabled repeatedly, contradicting intended program behavior.
* \#56895 \[SC-Insight] Function approveMint is vulnerable to race conditions
* \#57291 \[SC-Insight] Hardcoded Slippage in MYT Strategy
* \#56561 \[SC-Insight] Fee amount is recomputed multiple times when the initial value has already been cached
* \#57923 \[SC-Insight] Redundant Synthetic Transfers in claimRedemption When amountNottransmuted is Zero
* \#56427 \[SC-Insight] src/utils/PermissionedProxy.sol::setPermissionedCall incomplete event emission because it doesnt include value argument for signature
* \#56347 \[SC-Insight] burn contains redundant calculations
* \#56518 \[SC-Insight] \`claimWithdrawalQueue\` discards claimed amount
* \#58356 \[SC-Insight] The Alchemist TokeAuto Strategies doesn't use recommended best practice by TokeAuto.
* \#57606 \[SC-Insight] Attacker can DoS deposits by hitting the deposit cap
* \#57028 \[SC-Insight] Wrong amount variable in Repay event
* \#57832 \[SC-Insight] Cap Logic Error in AlchemistAllocator
* \#57208 \[SC-Insight] It is possible to prevent lowering the deposit cap by front-running

</details>

## Reports by Type

<details>

<summary>Smart Contract</summary>

* \#58755 \[SC-High] Users position that are synced at certain times overestimate collateralBalance of the position
* \#57964 \[SC-Low] Improper validation of absoluteCap and relativeCap enables excessive fund allocation in AlchemistAllocator.
* \#56494 \[SC-Insight] Gas Optimization: Redundant External Calls in Strategy \_deallocate Functions
* \#56893 \[SC-Low] Pending admin cannot accept ownership in AlchemistCurator
* \#58642 \[SC-Low] Cap Bypass in \`AlchemistAllocator.deallocate()\` Allows Over-Deallocation Beyond Computed Limits
* \#58051 \[SC-Low] Incorrect Access Control in acceptAdminOwnership()
* \#58666 \[SC-Low] Recipient/owner not enforced in action verifiers enables theft of swap proceeds
* \#58667 \[SC-Insight] Permit2 is approved the wrong asset which leads to loss of funds or failing swaps
* \#56383 \[SC-Low] The \`AlchemistCurator::acceptAdminOwnership\` can't be called by the pending admin and if the function is called without pending admin the admin rigths will be lost
* \#57774 \[SC-Critical] Redemption Earmark Mechanism Can Be Permanently Blocked via Single-Block Earmark Calls
* \#58793 \[SC-Critical] Repayment Fee Overpayment from Global Collateral Pool
* \#57093 \[SC-Critical] Potential Locked Funds Due to Partial Redeem Shortfall and miss calculation, lead to user loss their myt token forever.
* \#57546 \[SC-Low] \`MoonwellUSDCStrategy\` fail to claim its reward from Moonwell Comptroller
* \#57473 \[SC-Low] Inverted Comparison Operator Allows Operators Admin-Level Allocation Privileges
* \#56571 \[SC-High] Inflated claim payouts from double-counted MYT after liquidation
* \#56947 \[SC-Low] Flawed Access Control in AlchemistCurator Admin Transfer Pattern Leads to Risk of Permanent Loss of Control
* \#57862 \[SC-Low] Incorrect \`balanceBefore\` reading order in \`MorphoYearnOGWETHStrategy::\_deallocate\` function leads to wrong event emission
* \#57983 \[SC-Low] Direct Asset Drain via \`ZeroXSwapVerifier\` Bypass and \`MYTStrategy\` Unlimited \`Permit2\` Approvals
* \#56751 \[SC-Medium] StargateEthPoolStrategy deallocate function redeem less weth than expected
* \#57036 \[SC-High] Unconditional Debt Reduction Before Protocol Fee Check in Force Repayment
* \#57041 \[SC-High] Deallocation Accounting Mismatch Between Vault and Adapter
* \#58512 \[SC-Low] MYTStrategy \`isValidSignature\` is implemented wrong and will not work
* \#58004 \[SC-High] Protocol Insolvency from \`cumulativeEarmarked\` During \`\_forceRepay()\`
* \#58276 \[SC-Critical] Uncapped \`feeInYield\` in \`\_resolveRepaymentFee\` allows for collateral theft from other depositors
* \#56517 \[SC-Low] ZeroXSwapVerifier validates struct but executes external actions, enabling direct fund theft
* \#58462 \[SC-Low] Incorrect post-withdraw balance measurement causes false loss reporting and mis-accounting in \`MorphoYearnOGWETHStrategy.\_deallocate\`
* \#58526 \[SC-High] Missing accounting update in liquidation functions leads to permanent DOS on deposits
* \#58466 \[SC-High] Liquidation Fee Payment Failure Due to Redundant wrong Collateral Check
* \#58518 \[SC-Critical] Liquidation will steal Repayment Fee from Innocent Users Funds
* \#56692 \[SC-Medium] \`ZeroXSwapVerifier\` verification will always revert due to wrong hardcoded execution function selectors
* \#58471 \[SC-High] Accounting error in \`\_forceRepay\`/\`\_doLiquidation\` overstates TVL, enabling under-scaled redemptions and potential insolvency
* \#58474 \[SC-High] Liquidator will bypass liquidation fees affecting protocol revenue
* \#57096 \[SC-Medium] The implementation of TokeAutoEth::\_allocate is incorrect
* \#58424 \[SC-Low] MorphoYearnOGWETH Strategy - Balance Check Order Bug
* \#56839 \[SC-Medium] Moonwell Strategies Fail to Check Compound Error Codes Causing Silent Allocation Failures
* \#56827 \[SC-High] Missing Global Earmark Reduction in \_forceRepay
* \#57122 \[SC-Critical] Mismatch Between Capped Fee and Returned Fee in \`\_resolveRepaymentFee\`
* \#58672 \[SC-Low] Incorrect Balance Check Sequence
* \#57633 \[SC-High] Block-gated \_earmark() call in redeem() nullifies prefunded Transmuter cover on the first redemption of each block, leading to collateral overpayment and potential protocol insolvency
* \#57288 \[SC-High] Flawed rounding logic in TokeAutoEth deallocate function causes permanent freezing of funds
* \#57172 \[SC-High] Missing \_mytSharesDeposited Decrements in Liquidation Flows Causes Accounting Divergence
* \#58450 \[SC-High] Missing Transmuter Balance Update After Redemption Blocks Future Earmarking and Underfunds Redemptions
* \#57308 \[SC-High] AlchemistV3 does not update \`\_mytSharesDeposited\` when performing liquidation, causing global accounting and liquidation logic mismatch
* \#57311 \[SC-Medium] Moonwell allocation and deallocation can fail silently, causing incorrect state updates and loss of yield
* \#56402 \[SC-High] \`killSwitch\` leaves vault assets stranded and blocks withdrawals
* \#58531 \[SC-Critical] QueryGraph function Zero-Return Bug causing Tracking Earmarking Failure Over Progressive Block Intervals
* \#57331 \[SC-Medium] Conditional ETH Wrapping Logic Causes Withdrawal DoS in MoonwellWETH and StargateETH Strategies
* \#58113 \[SC-High] StargateEthPoolStrategy.realAssets return false real assets
* \#58288 \[SC-Critical] Incorrect Fee Payment Logic Leads to Underpayment
* \#58306 \[SC-Critical] Repayment Fee Not Adjusted for Insufficient Collateral
* \#58394 \[SC-High] MEV opportunity because no slippage protection in TokeAutoEthStrategy
* \#56633 \[SC-Low] Access Control Flaw in acceptAdminOwnership() Prevents Secure Admin Transfer Leading to Potential Permanent Loss of Curator Control
* \#58190 \[SC-Low] Operator Has No Allocation Restrictions in \[\`AlchemistAllocator\`]\(<https://github.com/alchemix-finance/v3-poc/blob/a192ab313c81ba3ab621d9ca1ee000110fbdd1e9/src/AlchemistAllocator.sol#>...
* \#58310 \[SC-Low] Strategy \`FluidARBUSDCStrategy\` cant claim fluid token reward
* \#57510 \[SC-High] Stale Locked Collateral Tracking During Price Appreciation Causes Disproportionate Redemption Losses
* \#57345 \[SC-High] Missing cumulativeEarmarked Decrement in \_forceRepay Breaks Earmarking Invariant Leading to Unfair Redemption Burden Distribution
* \#58547 \[SC-High] Mismatched Accounting and Transfer for Capped Fees
* \#58337 \[SC-High] Incorrect Handling of cumulativeEarmarked in \_forceRepay leads to inflated survival accumulator.
* \#57745 \[SC-High] Syn fails to update the rawLocked valuation leading to a loss of fund for users with rawlock > 0 when total lock become 0.
* \#58572 \[SC-High] Liquidation of account \`\`collateral\`\` doesn't subtract \`\`\_mytSharesDeposited\`\` which creates bad debt in the system and causes \`\`insolvency\`\`.
* \#57360 \[SC-Critical] Unreconciled repayment fee transfer enables MYT overpayment and TVL inflation
* \#56882 \[SC-Low] Missing Cap Enforcement in AlchemistAllocator Allows Operators to Bypass Risk Controls
* \#58409 \[SC-High] ## \[HIGH] Arithmetic Underflow in \`MYTStrategy.sol\`'s \`deallocate()\` Check Prevents Yield Withdrawal
* \#56435 \[SC-Critical] AlchemistV3: repayment‑only liquidation pays liquidator from pool (fee leak) → theft of unclaimed yield
* \#57954 \[SC-High] Lackf of tracking of excess cover in \`\_earmark\` function leads to permanent loss of cover value and stuck user positions.
* \#57460 \[SC-High] Protocol fails to subtract fee from total locked when burning and repaying
* \#58688 \[SC-Critical] \`AlchemistV3::\_liquidate\` can steal other users’ collateral
* \#58320 \[SC-Critical] Incorrect Fee Return Value in \_resolveRepaymentFee Enables Fund Theft Under Extreme Conditions
* \#58425 \[SC-High] Missing slippage protection when depositing to TokeAuto strategies
* \#58120 \[SC-Low] Incorrect balance measurement in MorphoYearnOGWETH strategy leads to incorrect deallocation loss registering
* \#58741 \[SC-Medium] Action function signatures to 0x Settler are wrong
* \#58231 \[SC-Medium] Attacker can stop protocol from allocating assets to the AutoETH vaults
* \#58683 \[SC-Critical] There is an issue in earmarked debt eeduction in the repay() can causes a permanent fund freeze
* \#58447 \[SC-Critical] Unfair Collateral Loss Through Socialized Redemption Costs
* \#57559 \[SC-High] Missing \`\_mytSharesDeposited\` Decrement in Liquidation Paths Enables Theft of Unclaimed Yield and Protocol Insolvency
* \#58387 \[SC-High] Liquidator Fee in the \_doliquidation Function Withheld When Collateral Is Exhausted Leading to Seized Fee Trapped in Protocol
* \#57447 \[SC-High] Untracked MYT outflows inflate TVL causing liquidation suppression
* \#58590 \[SC-Low] Incorrect balance-read ordering in MorphoYearnOGWETHStrategy.\_deallocate
* \#58579 \[SC-Low] Inconsistent Admin Management Implementation in AlchemistCurator.sol
* \#58749 \[SC-Low] Incorrect balance snapshot
* \#57167 \[SC-Medium] Missing \`claim\` Function in Euler and Morpho strategies Leads to Loss of Yield Rewards
* \#57148 \[SC-High] \`\_mytSharesDeposited\` variable is not correctly updated during liquidations, leading to wrong assumptions and incorrect bad debt calculation in the Transmuter.
* \#58763 \[SC-High] Accounting is broken when redeem() is bypassed due to Transmuter balance
* \#58273 \[SC-Medium] Incorrect Hardcoded 0x Settler Function Selectors
* \#58573 \[SC-Critical] AlchemistV3 Repayment Fee Cross-Account Theft Vulnerability
* \#58398 \[SC-High] No Slippage Protection on Large Allocation Deposits
* \#57751 \[SC-High] There is a problem related to forced liquidation branch and this creates issue thatk cna drains protocol backing
* \#58413 \[SC-Critical] Attacker/user can prevent Earmark from updating the earnmarkweight causing the transmuter action to repay det gradually to fail for all users
* \#56727 \[SC-High] Underlying increase in forced repayments leads to insolvency
* \#58078 \[SC-Low] Access Control Bypass in ZeroXSwapVerifier - Missing Owner Validation
* \#57625 \[SC-Low] Incorrect Cover Accounting in \_earmark Leads to Earmarking Failure and Value Leakage
* \#56673 \[SC-High] Zero-cost fee farming via forced earmarked repayment
* \#58400 \[SC-Low] Alchemist allocator does not actually enforce caps
* \#58607 \[SC-Low] Incorrect access control in admin ownership transfer allows only current admin to accept ownership instead of pending admin
* \#56732 \[SC-Critical] Incorrect boundary condition in queryGraph leads to systematic under-earmarking and transmuter redemption fund loss
* \#56385 \[SC-Critical] Repayment fee can be paid from the pool even when the account has no collateral left
* \#57599 \[SC-Low] Protocol wrongly withdraws before checking balance of withdraw
* \#58736 \[SC-High] Missing TVL Accounting in \_forceRepay and \_doLiquidation Leads to Protocol Insolvency
* \#58274 \[SC-High] Liquidation fee logic in \`\_doLiquidation\` strands liquidator rewards when balance is exhausted, freezing funds
* \#56714 \[SC-High] Accounting Invariant Violation in \_forceRepay Leads to Protocol Insolvency
* \#58719 \[SC-Insight] \[INSIGHT] Gas Optimization: Save gas by using the cached fee amount in burn() and repay() in \`Alchemist.sol\`
* \#57730 \[SC-High] Liquidation Does Not Decrease mytSharesDeposited
* \#56859 \[SC-Medium] LP/underlying mismatch in \`StargateEthPoolStrategy::\_deallocate\` causes withdrawal DoS
* \#57079 \[SC-Low] \[H-1] MorphoYearnOGWETH Strategy: Incorrect Balance Measurement Order in \_deallocate() Causes DoS on Withdrawals with Any Loss
* \#57590 \[SC-Critical] Double-counted Transmuter cover in \`redeem()\` allows overstated redemptions and potential over-withdraw/over-borrow
* \#57514 \[SC-Low] Calldata verification bypass in 0x preflight logic enables arbitrary from/recipient manipulation and direct fund theft
* \#56363 \[SC-High] \`\_mytSharesDeposited\` not correctly updated in all cases, leading to incorrect protocol collateralization and reduced liquidation incentives
* \#56395 \[SC-High] Accounting desync in liquidation outflows leads to artificial deposit cap exhaustion and denial-of-Service on recapitalization
* \#58236 \[SC-High] Accounting mismatch: \`\_forceRepay\`/\`\_doLiquidation\` fail to decrement \`\_mytSharesDeposited\`, locking deposit capacity and overstating collateral
* \#58724 \[SC-Critical] Partial Redemption Burns Full Position — Accounting Desynchronization and Potential Underpayment in Transmuter.claimRedemption()
* \#58098 \[SC-High] There is a problem from ledger TVL sesync inliquidations cause a under-liquidation and systemic insolvency risk
* \#56824 \[SC-High] Missing update to \_mytSharesDeposited during liquidation
* \#58648 \[SC-Low] Incorrect wethBalanceBefore read causes broken loss detection in deallocation
* \#58336 \[SC-Medium] Additive Update to Survival Accumulator Causing Overflow
* \#58354 \[SC-High] \`\_forceRepay\` does not decrement \`\_mytSharesDeposited\`, causing a temporal blocking of new deposits
* \#58771 \[SC-High] Incorrect Tracking of Total Deposited Yield Tokens (\_mytSharesDeposited) in Liquidation and Force Repayment Paths
* \#56552 \[SC-High] Liquidation fee misrouting in AlchemistV3.\_doLiquidation() leads to theft of unclaimed yield (liquidator fee stranded)
* \#57530 \[SC-High] Stale TVL Accounting in Liquidations Leads to Protocol Insolvency
* \#56336 \[SC-Insight] \`StargateEthPoolStrategy::\_deallocate\` would emit false deallocating loss event in some cases
* \#58707 \[SC-Medium] Moonwell strategy \_allocate() does not revert when mint fails which can result in a sudden drop in Myt share price and consequently sever under-collateralization
* \#57534 \[SC-Low] Small debt positions cannot be liquidated due to zero amount checks on token vaults
* \#58739 \[SC-Insight] Decimals mismatch causes 1e12 under-reporting in strategy returns, letting allocations silently exceed per-strategy and global caps
* \#58345 \[SC-Low] Operators in \`AlchemistAllocator.sol\` can allocate higher than DAO defined limits
* \#56794 \[SC-Critical] Liquidators can be overpaid due to accounting error
* \#57668 \[SC-High] Missing collateral tracking update during liquidation leads to inflated total value calculation and delayed under-collateralization protection
* \#57621 \[SC-Low] Improper reward claiming in TokeAutoEthStrategy sends TOKE tokens to wrong address causing permanent freezing of unclaimed yield
* \#58709 \[SC-Low] Naive 0x fill parsing lets attackers spoof token and amount checks
* \#56873 \[SC-Medium] Incorrect ETH Wrapping Condition in MoonwellWETHStrategy.\_deallocate() Leads to Temporary Freezing of Funds
* \#56346 \[SC-Insight] Redundant calculation of feeAmount in repay function
* \#58362 \[SC-Low] Users will lose TokeMak rewards earned in TokeAutoEthStrategy
* \#58192 \[SC-High] TokeAutoEth Strategy Tokens Locked When AutoPool(router) Enforces maxDeposit Cap
* \#57127 \[SC-Low] Pending admin should call the function instead of admin
* \#57129 \[SC-High] Missing \_mytSharesDeposited Decrement in Liquidation Functions Causes Permanent TVL Inflation
* \#58507 \[SC-Critical] Repayment fee after forceRepay could result in socialized loss during global undercollateralization
* \#56965 \[SC-Critical] AlchemistV3 handling of added Transmuter coverage includes an error that enables an attacker to cause protocol insolvency
* \#58480 \[SC-Low] Missing recipient and token binding in verifySwapCalldata leads to unauthorized fund transfers
* \#58516 \[SC-Low] Inverted Min/Max Logic in AlchemistAllocator Operator Cap Calculation
* \#58358 \[SC-High] Mismatched CollateralWeight and rawLocked Causes Incorrect Collateral Removal in Sync
* \#56522 \[SC-Medium] \`TokeAutoUSDStrategy::\_allocate()\` and \`TokeAutoEthStrategy::\_allocate()\` may suffer a denial-of-service (DoS) due to token amount mismatch in \`AutopilotRouter::depositMax()\`
* \#58604 \[SC-Low] Verification bypass in \`\_verifyExecuteMetaTxnCalldata\` enables arbitrary 0x actions to pass checks and execute in the \`ZeroXSwapVerifier.sol\` contract
* \#57941 \[SC-High] Incorrect handling of deallocate return val causes any interest gains in a strategy to become unclaimable and permanently locked
* \#56519 \[SC-Critical] Unchecked repayment fee transfer in \`\_liquidate\` pays liquidators from other users’ collateral
* \#58280 \[SC-Critical] Repayment's fee is charged from other users causing the contract to fail when the myt total balance of a user cannot cover the fee
* \#57053 \[SC-Critical] Integer Division Precision Loss in normalizeDebtTokensToUnderlying Leads to Permanent Collateral Locking
* \#57448 \[SC-Insight] Unnecessary computation of lockedCollateral in \`\_addDebt()\` and \`\_subDebt()\`
* \#56343 \[SC-Low] MorphoYearnOGWETH \_deallocate function always emits StrategyDeallocationLoss due to flawed balance measurement
* \#58497 \[SC-Low] The amount of WETH redeemed is not calculated properly in MorphoYearnOGWETH
* \#58269 \[SC-High] Liquidator Fee Not Paid When Fee Equals Surplus
* \#58329 \[SC-Low] Incorrect Balance Measurement in \`MorphoYearnOGWETH.\_deallocate()\` Leads to Temporary Freezing of Funds via Spurious Loss Events
* \#57662 \[SC-Critical] portion of users alAsset amount that staked in transmuter can be lost forever when \`amount > cumulativeEarmarked\`
* \#58626 \[SC-Critical] Repayment Fee Overpayment in Liquidation Repay-Only Path
* \#58094 \[SC-Insight] AutopoolETH vault slippage during LP token liquidation leads to temporary fund freezing
* \#56672 \[SC-High] Inconsistent MYT share accounting leads to under-liquidation and solvency risk
* \#57907 \[SC-High] Incorrect forced-repayment accounting allows debt forgiveness and frees locked collateral (systemic loss)
* \#57585 \[SC-High] AlchemistV3 does not properly update CDP collateralBalance when redemptions exceed \_totalLocked which enables some CDPs to over-withdraw collateral on account of others
* \#58778 \[SC-Low] ZeroXSwapVerifier implements incorrect data extraction logic enabling verification bypass in future strategy integrations
* \#58347 \[SC-High] Accounting Drift Due to Missing \`\_mytSharesDeposited\` Decrements During Liquidation
* \#58348 \[SC-Low] ZeroXSwapVerifier accepts malicious 0x calldata (recipient not bound, minOut ignored, transferFrom misused) -> attacker can route strategy/vault funds to self (Direct theft)
* \#58416 \[SC-Low] Unclaimed Extra Rewards in Tokemak Integration Lead to Permanent Freezing of Yield
* \#58422 \[SC-Low] MorphoYearn OG WETH strategy always emits deallocation-loss event due to zero delta calculation
* \#58456 \[SC-Medium] Account Can Enter Unliquidatable State with Residual Debt
* \#57930 \[SC-High] Allocation tracking underflow in strategy deallocation Leads to protocol insolvency
* \#56817 \[SC-High] ForceRepay doesn't decrement \_mytSharesDeposited, inflating TVL
* \#58112 \[SC-High] A malicious user can avoid getting penalized upon a Transmuter redemption by depositing and withdrawing collateral in the Alchemist
* \#58628 \[SC-High] Attackers Can Avoid Redemption Losses By Temporarily Burning and Re-Borrowing The Debt
* \#57522 \[SC-Insight] useCurrent flag ignored in preview functions in Moonwell strategies
* \#58326 \[SC-Insight] The value of the burned Peapods share token may exceed expectations
* \#57088 \[SC-High] Unscaled collateral accounting in redeem lets users withdraw more than intended
* \#57726 \[SC-High] AlchemistV3: MYT TVL accounting drift on liquidation/forceRepay blocks deposits via depositCap (Medium — Smart contract unable to operate due to lack of token funds)
* \#58396 \[SC-High] Total locked is not cleared proportionally to the total debt, this forces the collateral weight to become incorrect and new users transmuter redeem repayment will repay more debt fo...
* \#58163 \[SC-Critical] Total loss of user Funds in claim redemption
* \#57950 \[SC-High] Unit Mismatch in \_addDebt() Collateralization Check Allows Unbacked Debt Issuance and Protocol Insolvency
* \#56368 \[SC-Insight] \`AlchemistTokenVault::deposit()\` should use \`safeTransferFrom()\` instead of \`transferFrom()\`; \`AlchemistTokenVault::withdraw()\` should use \`safeTransfer()\` instead of \`transfer()\`
* \#57746 \[SC-Low] Broken contract ownership logic at AlchemistV3.sol
* \#58143 \[SC-Low] Unused Cap Enforcement Variables (adjusted)
* \#58645 \[SC-Medium] Incorrect WETH Wrapping Amount in \`MoonwellWETHStrategy.\_deallocate()\` Wraps \`ethRedeemed\` Instead of \`amount\`
* \#58757 \[SC-Critical] Forgotten cover in \_earmark() causes systematic over-earmarking and temporary freezing of user collateral
* \#57957 \[SC-Medium] Loss of EulerETH vault yields for Euler WETH Strategy
* \#56836 \[SC-Low] Ownership Transfer Failure in [\`AlchemistCurator\`](https://github.com/alchemix-finance/v3-poc/blob/immunefi_audit/src/AlchemistCurator.sol) Prevents Future DAO Governance or Recovery
* \#57963 \[SC-High] Incorrect \_mytSharesDeposited Accounting in liquidate() Allows Theft of User Funds via Corrupted Bad Debt Ratio
* \#58070 \[SC-High] Forced-repay accounting lets borrowers erase debt without paying equivalent assets (protocol deficit / insolvency)
* \#57632 \[SC-High] Inflated TVL in \_mytSharesDeposited hides protocol insolvency
* \#56621 \[SC-Insight] Broken withdrawal logic in AaveV3ARBUSDCStrategy permanently locks user funds
* \#58125 \[SC-Critical] Repayment Fee Overpayment from Pooled Collateral
* \#56806 \[SC-Insight] Broken withdrawal logic in AaveV3ARBWETHStrategy permanently locks user funds
* \#57970 \[SC-High] \_forceRepay Leaves \`cumulativeEarmarked\` Stale
* \#57969 \[SC-Insight] Lack of incentive to liquidate small positions can cause the system to accumulate bad debt
* \#56348 \[SC-Insight] Incorrect APY calculation in MYTStrategy::\_approxAPY() causes underreported yields
* \#57788 \[SC-Medium] Missing \`\_claimRewards()\` Implementation in AaveV3ARBUSDCStrategy Leads to Permanent Loss of Aave Incentive Rewards
* \#58435 \[SC-High] Systemic Accounting Bug Leads to Protocol Insolvency
* \#57975 \[SC-Low] Broken admin rotation in acceptAdminOwnership() causes permanent governance lockout
* \#58762 \[SC-Insight] Manipulation of \`feeInUnderlying\` through front-running during liquidations on Ethereum
* \#57793 \[SC-High] \`cumulativeEarmarked\` variable is not updated in \`\_forceRepay\` function, breaking core internal logic and leading to user funds being stuck.
* \#57102 \[SC-High] TVL Overstatement from \_mytSharesDeposited Desync Enables Softened Liquidations & No‑Haircut Over‑Redemptions (Transmuter)
* \#56625 \[SC-Low] Broken ownership transfer logic in AlchemistCurator permanently freezes contract operations
* \#58203 \[SC-Medium] Moonwell Strategies Silent Failure Due to Unchecked mint() and redeemUnderlying() Return Values
* \#56658 \[SC-Insight] Transmuter's tokenURI does not revert for nonexistent tokenIds
* \#57989 \[SC-Low] Broken isValidSignature leads to fund freezing
* \#58086 \[SC-High] Mis-accounting of MYT outflows inflates TVL, distorts collateralization, and can DoS deposits/liquidations
* \#58088 \[SC-Low] Inadequate enforcement of global cap enables cumulative over‑allocation
* \#57816 \[SC-Insight] Critical Incentive Failure in calculateLiquidation Leads to Protocol Insolvency Risk During Global Bad Debt
* \#56855 \[SC-Medium] Liquidations Fail With Arithmetic Underflow When Forced Repayment Exhausts Collateral
* \#58089 \[SC-Low] Arithmetic underflow revert in \`\_deallocate\`
* \#56528 \[SC-Insight] Unbounded \`slippageBPS\` Can Freeze Withdrawals
* \#58443 \[SC-Critical] Incorrect Consumption of Yield Cover in redeem, Leading to Reuse of Accrued Yield
* \#58442 \[SC-High] Liquidation Breaks Core Accounting Invariant: Missing cumulativeEarmarked Update in \_forceRepay() Causes Permanent State Drift
* \#57995 \[SC-High] Missing Slippage Protection in TokeAutoUSDStrategy Allocation Function Leads to Permanent Value Loss
* \#58093 \[SC-Medium] MORPHO reward in \`MorphoYearnOGWETH\` will be lost or stuck
* \#56678 \[SC-High] Missing Internal MYT Shares Accounting in Liquidation Functions Causes Deposit Blocking and Protocol Insolvency Risk Through Inflated TVL Calculations
* \#57464 \[SC-High] Incorrect accounting in stargate strategy causes protocol insolvency and user liquidations
* \#58369 \[SC-High] Missing \_mytSharesDeposited Decrements in \_forceRepay/\_doLiquidation Leads to Smart Contract Unable to Operate Due to Lack of Token Funds
* \#57837 \[SC-Low] \`MoonwellWETHStrategy\` cant claim reward from Moonwell Comptroller
* \#58002 \[SC-Low] Missing submitRemoveStrategy Function
* \#57152 \[SC-High] Assets Permanently Locked Due to KillSwitch Flag
* \#56326 \[SC-Insight] Variable could be immutable
* \#58006 \[SC-Medium] \`MoonwellUSDCStrategy.\_allocate\` ignores Compound-style mint failures and corrupts vault accounting
* \#58772 \[SC-Critical] \`\_resolveRepaymentFee\` overpays liquidators when collateral is gone, letting attackers drain MYT
* \#58792 \[SC-High] the cumulativeEarmark does not decrease in \_forceRepay which lead to transfer more collateral from users even when all earmark debt cleared which breaks the alchemix v3 core logic
* \#58773 \[SC-Medium] In Stargate Incorrect Allocation Cap Accounting Leading to Unnecessary DoS
* \#58149 \[SC-Low] MorphoYearnOGWETH incorrectly reports loss and triggers StrategyDeallocationLoss event
* \#58449 \[SC-Medium] TokeAutoEth Strategy Balance-Approval Mismatch DOS
* \#58019 \[SC-High] Flawed killSwitch Implementation in MYTStrategy Leads to Permanent Loss of Funds
* \#57860 \[SC-High] Incorrect \`\_mytSharesDeposited\` accounting inflates collateral and underreports bad debt, enabling insolvency
* \#57861 \[SC-High] Missing Slippage Protection in Tokemak Autopool Allocation Functions Leads to Direct Theft of User Funds
* \#57169 \[SC-Low] ZeroXSwapVerifier Policy Bypass via RFQ fillData Prefix (Token & Amount Spoof)
* \#58452 \[SC-High] MYTStrategy Allocation underflow in deallocate() when allocation + profits exceed old allocation
* \#57197 \[SC-High] Incorrect \_totalLocked Reduction
* \#57604 \[SC-High] Nominal accounting mismatch in Moonwell strategies leads to permanent locking of all generated yield
* \#57867 \[SC-Medium] ZeroXSwapVerifier erroneously rejects Uniswap v3 swaps due to an an incorrect selector
* \#58636 \[SC-Low] Broken Two-Step Admin Transfer Prevents Legitimate Admin Succession in AlchemistCurator
* \#57212 \[SC-High] \_totalLocked is not properly decremented in the redeem function causing system insolvency.
* \#58189 \[SC-Low] Two-step mechanism to transfer ownership is broken due to incorrect access control
* \#56350 \[SC-Insight] Implementation contract AlchemistV3 not locked (\_disableInitializers() missing)
* \#56462 \[SC-Insight] Unused Mapping Causes Unnecessary Storage Gas Consumption
* \#58259 \[SC-Low] Broken operator logic inside AlchemistCurator
* \#58323 \[SC-Critical] The Alchemist::burn function experiences precision loss, resulting in the avoidance of protocol fees
* \#58324 \[SC-High] Incorrect Return Value in \_deallocate Function Leads to Permanent Fund Locking in MYTStrategy Implementations
* \#58363 \[SC-High] Accounting Corruption in Liquidations Due to Missing Global Counter Update
* \#57582 \[SC-Critical] Calling \_earmark one block apart skips the block's earmark value
* \#58076 \[SC-Insight] Fix unit mismatch in \_doLiquidation: collateralInUnderlying -> collateralInDebt
* \#57972 \[SC-High] liquidation doesn't update \_mytSharesDeposited
* \#58735 \[SC-Insight] \`\`calculateLiquidation\`\` reverts due to divide by \`\`ZERO\`\` if \`\`targetCollateralization = FIXED\_POINT\_SCALAR\`\`
* \#58472 \[SC-High] Liquidator Base Fee Seized but Not Paid Due to Post‑Deduction Balance Check
* \#57563 \[SC-Insight] Reward tokens being permanently frozen in TokeAutoUSDStrategy
* \#58386 \[SC-Low] Rewards claimed during deallocation remain stranded on strategy and unaccounted
* \#58689 \[SC-Critical] Incorrect deduction logic in \`AlchemistV3::redeem()\` may lead to insufficient contract collateral
* \#56815 \[SC-High] Missing \`\_mytSharesDeposited\` Decrements in Internal Outflows cause TVL Inflation & Deposit DoS
* \#56359 \[SC-High] Permanent Deposit Freeze After \_forceRepay() Misaccounts Freed Shares
* \#58605 \[SC-Medium] Missing \_claimRewards in AaveV3ARBUSDCStrategy leads to permanent freezing of accrued Aave incentives
* \#58615 \[SC-High] \_mytSharesDeposited didn't get updated after \_forceRepay && \_doLiquidation called
* \#58275 \[SC-High] account.rawLocked not clear even when debt is clear
* \#57725 \[SC-High] # \`AlchemistV::liquidate\` is not updating the \`\_mytSharesDeposited\` which makes it inflated and can cause deposits DoS and liquidations malfunction that may cause protocol insolvency.
* \#57752 \[SC-Medium] Aave and Euler incentives for MYT will be lost due to unimplemented \`\_claimRewards\` function
* \#56702 \[SC-Critical] \`claimRedemption\` would not return all alAsset that is not get converted to MYT in some case
* \#57665 \[SC-Low] Incorrect Balance Measurement in \`\_deallocate\` function of \`MorphoYearnOGWETHStrategy\`
* \#58270 \[SC-Critical] incorrect handling of debt cover in redeem can affect early liquidation and incorrectly sync accounts
* \#57697 \[SC-Low] Missing Recipient & \`from\` Checks in ZeroXSwapVerifier Enable Direct Asset Theft
* \#57866 \[SC-Low] Failure to verify the recipient's address can result in the theft of purchased tokens
* \#58578 \[SC-Low] ZeroXSwapVerifier allows attackers to drain strategy tokens via crafted calldata
* \#58575 \[SC-Low] Operator Limit Bypass
* \#58506 \[SC-Low] Adjusted Cap Limits Are Never Enforced
* \#58794 \[SC-High] Hardcoded 0 amount as the minSharesOut to depositMax(...) function call does not provide slippage protection
* \#56328 \[SC-Insight] Redundant require statement in EulerUSDCStrategy \_deallocate function leads to unnecessary gas consumption
* \#57506 \[SC-High] force repay don't update cumulativeEarmarked variable
* \#56936 \[SC-High] Missing \`\_mytSharesDeposited\` decrements on repay/liquidation → TVL drift, false over‑collateralization, and deposit‑cap DoS
* \#58797 \[SC-Low] The \`TokeAuto\` strategies implementation does not accurately report the actual assets held by the strategy
* \#58796 \[SC-Low] Incorrect balance snapshot in \_deallocate() causes wethRedeemed always = 0
* \#56801 \[SC-Insight] Function burn could be gas optimized
* \#57749 \[SC-Low] ZeroXSwapVerifier misses critical sender/recipient/minOut validations, allowing malicious 0x calldata to drain funds (Critical — Direct theft)
* \#57090 \[SC-Low] Ownership Transfer Failure in [\`AlchemistCurator\`](https://github.com/alchemix-finance/v3-poc/blob/immunefi_audit/src/AlchemistCurator.sol) Prevents Future DAO Governance or Recovery
* \#56583 \[SC-Low] Wrong 2 step transferAdminOwnerShip logic and insufficient checks in AlchemistCurator.sol leads to permanent admin ownership loss
* \#58081 \[SC-Medium] Missing check in function \`AlchemistV3::setMinimumCollateralization\` could lead to set \`minimumCollateralization > globalMinimumCollateralization\`.
* \#58291 \[SC-Medium] Unlike setters collateralization functions, AlchemistV3::initialize doesnt enforce collateralization invariants allowing to break them
* \#57916 \[SC-Critical] Repay removes earmark, meant to be reducing debt while collateral is still reduced
* \#58257 \[SC-Low] In TokeAutoETH deallocate can be DOSed if the vault incuring losses
* \#56406 \[SC-Insight] \`getEstimatedYield\` never updates after snapshots
* \#56491 \[SC-Critical] User Collateral Loss Triggered by setMinimumCollateralization Update
* \#56830 \[SC-Low] Broken admin Ownership transfer Logic, acceptAdminOwnership() requires current admin instead of pending Admin, Blocking Role Claim.
* \#58513 \[SC-Low] Broken Access Control in AlchemistCurator.acceptAdminOwnership() Prevents Admin Transfer
* \#56911 \[SC-Low] Incorrectly implemented two-step admin ownership transfer mechanism prevents new admin to accept role
* \#56730 \[SC-Insight] Transmuter \`tokenURI()\` is not EIP-721 compliance
* \#57328 \[SC-Low] Once \`tokeLockDuration\` is the opposite of zero in \`TokeAutoEthStrategy\`, accumulated rewards in \`accToke\` can be stuck
* \#56389 \[SC-High] \`\_mytSharesDeposited\` is not updated on liquidation outflows which could lead to solvency illusion and misreported global ratios
* \#58519 \[SC-High] Double Counting of Collateral Due to \`\_mytSharesDeposited\` not being updated during liquidations
* \#57316 \[SC-Low] Allocation Cap Enforcement Missing & DeadCode
* \#57760 \[SC-High] MytStrategy.\_allocate/\_deallocate doesnt account for profit and loss
* \#56776 \[SC-High] TVL Manipulation via Missing \_mytSharesDeposited Decrement in Liquidations
* \#57553 \[SC-High] \_mytSharesDeposited is not updated in liquidations which breaks bad debt ratio/alchemistCR calculations and causes failures in bad debt handling and liquidation handling
* \#58067 \[SC-High] Asymmetric deallocation in TokeAutoEthStrategy leads to permanent WETH funds stuck in strategy
* \#58754 \[SC-High] Missing \`\_mytSharesDeposited\` decrements in \`AlchemistV3\` \`\_forceRepay\`/\`\_doLiquidation\`
* \#58168 \[SC-Medium] Safe Position Liquidation Vulnerability in AlchemistV3 When minimumCollateralization Equals collateralizationLowerBound
* \#58177 \[SC-High] Transmuter::claimRedemption cant update \_mytSharesDeposited leading to permanent underlying value state inside Alchemist
* \#58552 \[SC-Insight] Single transfer instead of multiple saves gas
* \#57787 \[SC-High] asset can be transferred to strategies even when the killSwitch enabled without posibility to use this funds for allocation
* \#57791 \[SC-Insight] Receipt Token Misconfiguration in Aave Strategies
* \#57617 \[SC-Critical] Protocol-paid repayment fee transfer allows draining of protocol MYT (yield)
* \#57189 \[SC-High] AlchemistCurator contract not implement setForceDeallocatePenalty
* \#58616 \[SC-Medium] Liquidation can revert due to 0 amount fee withdraw
* \#56582 \[SC-Low] AlchemistCurator::removeStrategy is unable to remove strategies from vaults due to wrong logic implementation
* \#57973 \[SC-Critical] repay doesnt set lastTransmuterTokenBalance leading to the same balance covering earmark twice
* \#58301 \[SC-Critical] Accounting Issue in Liquidation Logic After Force Repay we charge repayment fee even if collateral balanc cannot account for it
* \#56800 \[SC-Medium] Minimum collateral change lets liquidators seize compliant accounts
* \#56832 \[SC-Low] AlchemistCurator contract doesn't allow to remove strategies from the MYT morpho V2 vault.
* \#56845 \[SC-High] The deposit will be reverted because \`\_mytSharesDeposited\` references an outdated value
* \#57806 \[SC-Low] Staking Graph argument bounds are incorrectly defined
* \#57335 \[SC-Medium] Zero min-out ERC-4626 deposits cause under-mint and permanent allocation loss
* \#58728 \[SC-Medium] When the strategy is at a loss, the assets cannot be withdrawn
* \#58393 \[SC-Low] Wrong order in balance querying instructions in MorphoYearnOGWETHStrategy::\_deallocate function leads to always emit StrategyDeallocationLoss event
* \#57918 \[SC-High] Incorrect \`totalLocked\` Collateral Accounting in AlchemistV3
* \#58352 \[SC-Low] Assets Become Permanently Stuck in TokeAutoEth Strategy Due to Strict Balance Check
* \#58036 \[SC-Critical] Incorrect Fee Deduction May Drain Collateral Pool When Account Balance Is Insufficient
* \#58542 \[SC-Low] \[Low] Logic Error in MorphoYearnOGWETHStrategy.\_deallocate(): \`wethRedeemed\` Always Zero → All Deallocations Emit \`StrategyDeallocationLoss\`
* \#58357 \[SC-Low] Permanent Freezing of TokeAutoEth strategy rewards in MYT Vault
* \#57511 \[SC-Medium] Protocol could atleast be taking a part of the protocol fee
* \#58611 \[SC-Medium] Double-counting of earmarked debt repayments as cover leads to user funds being stuck and protocol insolvency.
* \#56572 \[SC-Insight] Aave V3 lending pool is immutable in Aave strategies
* \#56949 \[SC-Insight] Uncapped collateral transfer in redemption leads to accounting discrepancy enabling theft of user funds
* \#58515 \[SC-Medium] A liquidated position can end the liquidation process still below \`collateralizationLowerBound\`, allowing for double liquidation of positions.
* \#57272 \[SC-Medium] Silent Failures on Moonwell Deposit are not catched by strategy
* \#57057 \[SC-Low] Wrong order of balance checks in MorphoYearnOGWETHStrategy
* \#57251 \[SC-Low] Curator Cannot Remove Adapter Due to Timelock Requirement
* \#56887 \[SC-Low] Incorrect balance tracking in MorphoYearnOGWETHStrategy \_deallocate function leads to wrong loss event emission(Resend))
* \#58787 \[SC-Medium] When allocation amount is greater than the maxDeposit of TokeAutoETh.sol, the remaining is stuck in TokeAutoEth.sol
* \#56324 \[SC-Low] Missing \`\`\`from==owner \`\`\`check in transferFrom verifier → direct theft of user funds
* \#58658 \[SC-High] cumulativeEarmarked not updated
* \#58087 \[SC-Medium] MoonwellUSDCStrategy ignores redeemUnderlying error codes → temporary freezing of funds (withdrawals revert)
* \#58743 \[SC-Low] ZeroXSwapVerifier Recipient Validation Bypass
* \#58730 \[SC-Medium] An attacker can prevent any TokenAuto strategy allocation by making a donation to the vault of as little as 1 wei of underlying token
* \#58181 \[SC-Medium] A griefer can cause a permanent DoS in TokeAutoETH/TokeAutoUSDCStrategy::allocate.
* \#57852 \[SC-Critical] Old borrowers steal from new borrowers after redemptions are claimed
* \#58703 \[SC-Insight] Cached interest rate calculation in PeapodsETH strategy leads to inaccurate APR/APY estimates
* \#56809 \[SC-High] Vulnerable redemption survival ratio in \_sync allows theft of alTokens
* \#57066 \[SC-Critical] A malicious actor can keep calling \`poke\` at every block to prevent collateral earmarking exposing transmuter users to delayed redemptions and loss of funds
* \#58564 \[SC-Critical] Earmarked funds fail to accumulate when \_earmark is called in consecutive blocks
* \#58544 \[SC-Critical] it is possible to underflow on \`\_sync\` making positions bricked forever
* \#58146 \[SC-Insight] Whitelist can be disabled repeatedly, contradicting intended program behavior.
* \#56365 \[SC-Critical] Liquidation Fee Overdraft Drains Pooled Collateral
* \#56775 \[SC-Medium] Permanent freezing of funds from precision/dust + strict deallocation check
* \#56622 \[SC-Critical] Repayment Fee Overpays Liquidators Using Pooled Collateral After \_forceRepay
* \#56740 \[SC-Critical] Unbounded Liquidation Fee Allows Theft of Shared Collateral
* \#57330 \[SC-Critical] \_resolveRepaymentFee returns initial fee when fee is greater collateral balance
* \#56895 \[SC-Insight] Function approveMint is vulnerable to race conditions
* \#58209 \[SC-Medium] Lack of Slippage Protection in Transmuter.claimRedemption and AlchemistV3.withdraw Leads to User Yield Losses
* \#57114 \[SC-Low] Inherited \`setAdmin\` function allows to bypass two-step admin ownership transfer mechanism
* \#56442 \[SC-High] Inflated \`\_totalLocked\` because vault yield accrual would skew \`\_collateralWeight\` calculation
* \#58035 \[SC-High] killSwitch early-return in strategy causes vault-to-adapter asset leakage, mis-accounting, and deallocation DOS
* \#56878 \[SC-Medium] The permissionedCalls check can be bypass
* \#58198 \[SC-Low] Broken Two-Step Admin Transfer Pattern
* \#56418 \[SC-Low] Two step owner transfer is broken and can lead to unforseen damages
* \#57622 \[SC-Low] Lack of claimed reward handling in MYT strategies will keep all external token rewards stuck forever
* \#57017 \[SC-Medium] \`AaveV3ARBWETHStrategy\`cant claim AAVE incentive
* \#56465 \[SC-Low] \`getTotalDeposited\` doesn't reflect the correct total deposited
* \#57770 \[SC-Medium] Admin Can Bypass \`permissionedCalls\` Protection Using Multicall
* \#56956 \[SC-High] Lack of slippage control in Tokemak strategies can make MYT suffer losses on allocation
* \#58010 \[SC-High] Slippage tolerance not enforced in TokeAutoUSDStrategy
* \#56560 \[SC-High] Liquidation base fee transfer is gated by a condition that’s usually false
* \#57883 \[SC-High] \_mytSharesDeposited Updates in Liquidation Functions Leads to Critical TVL Inflation
* \#58129 \[SC-High] Missing \_mytSharesDeposited Update in \_forceRepay() Causes Accounting Inconsistency which can DOS deposit and Liquidation
* \#57544 \[SC-High] \`\_mytSharesDeposited\` is not reduced upon fee transfers to protocol
* \#58116 \[SC-High] TVL Accounting Mismatch Leading to Protocol Insolvency
* \#58260 \[SC-High] Inconsistent collateral accounting where Force-Repay/Liquidation transfer out MYT without adjusting TVL
* \#57439 \[SC-Low] Incorrect \`badDebtRatio\` rounding in \`Transmuter::claimRedemption()\` may cause funds to become permanently stuck
* \#57291 \[SC-Insight] Hardcoded Slippage in MYT Strategy
* \#58751 \[SC-Medium] \`setMinimumCollateralization\` allows for increasing the current \`minimumCollateralization\` , instantly exposing users to risk of liquidation
* \#58185 \[SC-Medium] Incorrect \_survivalAccumulator accounting logic after \_earmarkWeight reaches 128 breaks core system invariants and can lead to protocol insolvency
* \#58338 \[SC-Critical] AlchemistV3 Repayment Fee Can Exceed Remaining Collateral Leading to Position Insolvency
* \#56706 \[SC-Medium] StargateEthPoolStrategy Incomplete ETH Wrapping Causes Withdrawal DoS
* \#57526 \[SC-Medium] \`StargateEthPoolStrategy\` rounding mismatch freezes \`VaultV2\` allocations
* \#57565 \[SC-Medium] The amount of dust will be permanently locked in \`StargateEthPoolStrategy\`
* \#58022 \[SC-Medium] Accounting Mismatch and Fund Stuck Due to Dust ETH on StargateEthPoolStrategy
* \#58427 \[SC-Medium] \`StargateEthPoolStrategy::\_allocate()\` and \`\_deallocate()\` Inconsistent Dust Handling Causes ETH to be Permanently Locked in Strategy Contract
* \#56561 \[SC-Insight] Fee amount is recomputed multiple times when the initial value has already been cached
* \#58210 \[SC-Low] Incorrect balance measurement in deallocation disables loss detection in MorphoYearnOGWETH.
* \#57740 \[SC-High] EulerETH strategy will have WETH locked in the strategy contract
* \#56798 \[SC-Critical] Flash-Vote Exploit Drains All Funds via AlchemistAllocator
* \#58215 \[SC-High] Funds Can Become Permanently Stuck in Adapter When Kill Switch is Enabled
* \#58423 \[SC-Low] Pending Admin Cannot Accept Ownership Transfer in \`AlchemistCurator\`
* \#58346 \[SC-High] \_forceRepay() fails to decrement cumulativeEarmarked, breaking earmark invariant and skewing redemptions
* \#58196 \[SC-High] AaveV3ARBUSDCStrategy strategy will have its reward stuck in Aave USDC
* \#58105 \[SC-Medium] ZeroXSwapVerifier decodes execute payload with wrong ABI (bytes vs bytes\[]) → temporary freezing of funds
* \#58249 \[SC-Low] Broken Two-Step Admin Handover in AlchemistCurator
* \#57369 \[SC-High] Deallocation may revert due to an underflow
* \#57923 \[SC-Insight] Redundant Synthetic Transfers in claimRedemption When amountNottransmuted is Zero
* \#57183 \[SC-Medium] Missing Incentive Rewards Claiming in Multiple Strategy Contracts
* \#57812 \[SC-Medium] No function to claim Aave Incentives
* \#58239 \[SC-Medium] Missing Aave incentives rewards claiming mechanism leads to permanent loss of protocol royalties
* \#56427 \[SC-Insight] src/utils/PermissionedProxy.sol::setPermissionedCall incomplete event emission because it doesnt include value argument for signature
* \#56347 \[SC-Insight] burn contains redundant calculations
* \#56516 \[SC-High] allocate assets in killSwitch mode can lead to assets stuck on contract
* \#57394 \[SC-Low] \`acceptAdminOwnership()\` only allows the current admin to finalise transfers
* \#58124 \[SC-Low] Direct Theft of Funds via Malicious actions\[] in execute() Call Due to Incorrect Calldata Verification
* \#58130 \[SC-Medium] Asymmetric Validation in Collateralization Setters Allows Protocol Misconfiguration Breaking All Borrowing
* \#58080 \[SC-Medium] Aave V3 strategies fail to claim OP/ARB liquidity mining rewards, causing permanent loss of yield
* \#58131 \[SC-Critical] Rounding Errors in Debt-to-Collateral Conversions Allow Attackers to Drain Protocol Assets
* \#58627 \[SC-Low] Incorrect delta calculation in \_deallocate() causes wethRedeemed to always be zero.
* \#57825 \[SC-High] Forced repay cover enables double-counted debt reduction in redeem
* \#56923 \[SC-High] Missing cumulativeEarmarked Update in \_forceRepay Causes Incorrect Debt Accounting in AlchemistV3
* \#56927 \[SC-Medium] setMinimumCollateralization function also needs a another check
* \#57678 \[SC-High] Liquidation fee is deducted from user but not paid to liquidator
* \#56498 \[SC-Low] Reserve Drainage Due to Incorrect Balance Measurement
* \#58150 \[SC-High] Missing Slippage Protection in \`TokeAutoUSDStrategy::\_allocate\` Leads to Direct Theft of User Funds via MEV Sandwich Attacks
* \#56518 \[SC-Insight] \`claimWithdrawalQueue\` discards claimed amount
* \#56982 \[SC-Medium] Incorrect function selectors used in ZeroXSwapVerifier
* \#58101 \[SC-Critical] Repayment-only liquidation overpays fee from pooled collateral
* \#58266 \[SC-High] Partial liquidation strands base fee due to post-seizure balance check
* \#58322 \[SC-Low] Incorrect Emit Due to Wrong Ordering of wethBalanceBefore Calculation
* \#58360 \[SC-Low] Round-down calculation in \`convertToShares()\` leads to deallocation failure in TokeAutoEth strategy
* \#58356 \[SC-Insight] The Alchemist TokeAuto Strategies doesn't use recommended best practice by TokeAuto.
* \#58408 \[SC-Low] Underflow account.rawLocked on \_subDebt due to rounding inconsistency
* \#58410 \[SC-Low] Tokemak Strategy Deallocation Causes TOKE Token Lockup
* \#58419 \[SC-Low] AlchemistCurator two-step ownership transfer mis-implemented
* \#58469 \[SC-Low] Pending Admin Cannot Accept Ownership
* \#58782 \[SC-High] Rewards earned by EulerARBUSDCStrategy will not be withdrawable from Euler pool on Arbitrum
* \#56689 \[SC-Low] Reward token TOKE is stuck in MYT
* \#58555 \[SC-Low] \`AlchemistCurator\` 2-step ownership transfer is implemented incorrectly
* \#58428 \[SC-Low] TOKE reward loss when calling deallocate
* \#58376 \[SC-Low] claimRewards() function permanently locks earned Toke reward token on Morpho VaultV2
* \#58527 \[SC-Low] Complete loss of all reward value on TokeAutoEthStrategy \_claimRewards
* \#57692 \[SC-High] AlchemistV3 Liquidation Fee Loss Vulnerability
* \#58524 \[SC-High] When liquidating, there are cases where the Fee is not paid to the liquidator.
* \#56757 \[SC-High] Incorrect leftover-collateral check blocks liquidator fee payment leading broken incentives & delayed deleveraging
* \#56451 \[SC-Low] \`AlchemistAllocator::allocate()\` and \`deallocate()\` do not enforce cap checks as intended
* \#57644 \[SC-Low] Unenforced cap logic in AlchemistAllocator allows not controlled allocations
* \#58325 \[SC-Low] Operator Can Shift vault Funds to Risky Strategies Without Oversight, leading to potential loss of user funds.
* \#57101 \[SC-Critical] Same-block earmark early-exit leaves stale transmuter balance, causing under-earmarking
* \#58714 \[SC-Low] Pending Admin cannot accept Ownership in \`AlchemistCurator.sol\`
* \#58734 \[SC-Low] Broken strategy realAssets calculation
* \#58742 \[SC-High] Liquidators will not earn fees in some cases
* \#58759 \[SC-High] Yield Stuck in Adapter Contracts Forever
* \#58781 \[SC-High] \_totalLocked Accounting Mismatch Leading to Token Balance Deficit in AlchemistV3
* \#58780 \[SC-High] WETH Yield will be locked on AaveWETH pool on Arbitrum
* \#56983 \[SC-Low] Tokemak rewards sent to MYT vault contract (not strategy) -> rewards stranded
* \#58056 \[SC-Low] The Auto ETH and USDC staking rewards will stuck in vault
* \#57067 \[SC-Low] Overstated Per-Account Locked Collateral Due to Global Clamp in \_subDebt
* \#56332 \[SC-Low] Pending Admin Cannot Accept Ownership
* \#57479 \[SC-Low] Logical bug in \`AlchemistCurator::acceptAdminOwnership\`, asking to current admin to accept ownership.
* \#58007 \[SC-Low] \`pendingAdmin\` cannot call \`acceptAdminOwnership()\` to accept admin role
* \#58333 \[SC-Low] Incorrect onlyAdmin Modifier in acceptAdminOwnership
* \#57680 \[SC-High] PeapodsETHStrategy unable to withdraw yield from price share increase
* \#57476 \[SC-High] \_forceRepay() fails to decrement global cumulativeEarmarked
* \#58722 \[SC-Medium] TokenAuto strategy allocation uses maxDeposit which may allocate less than requested, leaving any excess funds permanently locked
* \#58522 \[SC-High] Earmark consumes excess cover, inflating cumulativeEarmarked
* \#56975 \[SC-High] Liquidation Fee Trapping in AlchemistV3
* \#57024 \[SC-Low] \`wethBalanceBefore\` is computed after withdrawal in \`\_deallocate\` function in MorphoYearnOGWETHStrategy contract, leading to systematic StrategyDeallocationLoss event emission.
* \#58115 \[SC-Medium] Incorrect WETH deposit amount prevents deposited ETH through \`receive\` function to cover strategy loss.
* \#58639 \[SC-Medium] \`\`Off by One\`\` issue in the \`\`\_forceRepay()\`\` function causes protocol to lose funds in the form of \`\`protocol fee\`\`.
* \#58403 \[SC-Medium] Missing Checks for Transaction Return Values in Moonwell Strategies
* \#57227 \[SC-Medium] Unchecked Return Codes in MoonwellUSDCStrategy Leading to Stuck Funds
* \#56909 \[SC-Low] Incorrect balance snapshot in strategy deallocation causes false loss events and masks real shortfalls
* \#56529 \[SC-Low] Incorrect token balance calculation in MorphoYearnOGWETHStrategy.sol::\_deallocate() leads to wrong event emitted every time
* \#57926 \[SC-Low] The conditional 'StrategyDeallocationLoss' event in \`MorphoYearnOGWETHStrategy::\_deallocate\` gets logged all the time due a misplacement in variable declaration
* \#56961 \[SC-Low] Incorrect balance snapshot check in \`\_deallocate()\` logs false deallocation loss in MorphoYearnOGWETH strategy
* \#56962 \[SC-Low] Balance Check Logic Error in \_deallocate() Function Leads to Broken Loss Detection and False Event Emissions
* \#58383 \[SC-High] Due to \`cumulativeEarmarked\` not being updated in \`Alchemix::\_forceRepay\` user funds are locked longer due to slower debt decay and Calculation of System Collaterization Rate is Inc...
* \#58769 \[SC-High] \`\_forceRepay\` fails to decrement global \`cumulativeEarmarked\`, causing redemption accounting desynchronization and potential protocol-wide redemption halt
* \#58799 \[SC-High] \`\_forceRepay\` does not reduce \`cumulativeEarmarked\` which leads to wrong accounting: users debts are incorrectly higher which can cause wrongful liquidations
* \#57704 \[SC-High] Missing Global State Update in \_forceRepay Leads to Permanent Freezing of Unclaimed Yield
* \#57023 \[SC-High] Global earmark not reduced in \_forceRepay lets redeem() over-burn global debt (cross-account leakage, protocol insolvency)
* \#58635 \[SC-High] \`\`cumulativeEarmarked\`\` is not subtracted in \`\`\_forceRepay()\`\`.
* \#57777 \[SC-Low] ZeroX swap verifier bypass enables direct theft of user funds
* \#56960 \[SC-Medium] Missing Slippage Protection During Redemption Execution, lead to loss of token for user.
* \#58079 \[SC-Low] Missing from validation in ZeroXSwapVerifier.verifySwapCalldata() enables direct theft of approved funds
* \#58289 \[SC-Low] Missing addresses Verification in ZeroXSwapVerifier
* \#57516 \[SC-Low] Arbitrary External Call in ZeroXSwapVerifier Leads to Theft of Unclaimed Yield
* \#57606 \[SC-Insight] Attacker can DoS deposits by hitting the deposit cap
* \#58492 \[SC-Medium] Unbounded Deposit Exposure in TokeAutoEthStrategy::\_allocate()
* \#57532 \[SC-High] Assets are not accounted for when the contract is in killSwitch mode
* \#57849 \[SC-High] Funds gets stuck even when killswitch is enabled
* \#58127 \[SC-Critical] Users can invoke the poke() function whenever the lastEarmarkDebtBlock is exactly one block behind the current block.number which lead to affecting users earmarked debt
* \#58723 \[SC-High] \`cumulativeEarmarked\` is not updated at \`\_forceRepay\`
* \#58418 \[SC-Low] \`verifySwapCalldata\` cant verify the output token of the swap
* \#57028 \[SC-Insight] Wrong amount variable in Repay event
* \#58705 \[SC-Low] Mismatch between emitted protocol fee and actual fee paid in \_forceRepay due to strict inequality check
* \#57832 \[SC-Insight] Cap Logic Error in AlchemistAllocator
* \#58534 \[SC-High] Zero Slippage Protection in Toke strategies Allocation
* \#58702 \[SC-High] No slippage provided in Auto strategy implementation will open room for MEV attacks
* \#56902 \[SC-High] Strategy Adapter \`AaveV3OPUSDCStrategy\` would not work well with aToken rebasing mechanism
* \#58287 \[SC-High] \_mytSharesDeposited is not updated on some token transfer
* \#58399 \[SC-Critical] Precision Loss in badDebtRatio Calculation Causes Overpayment and DOS
* \#58768 \[SC-High] \`\_mytSharesDeposited is not updated during liquidations, breaking core accounting
* \#56791 \[SC-High] Missing \`\_mytSharesDeposited\` Decrements in Token Transfers
* \#58207 \[SC-High] AlchemistV3 \_mytSharesDeposited Not Reduced When Repaid Collateral Sent to Transmuter
* \#57138 \[SC-Critical] Protocol subsidizes repayment fees during liquidation
* \#58040 \[SC-Low] removeStrategy() is Non-Functional
* \#57346 \[SC-Low] AlchemistAllocator Compares Incompatible Units (Asset Wei vs WAD Percentage)
* \#57441 \[SC-Critical] Repay-Only Fee Drain in AlchemistV3
* \#57982 \[SC-Low] Permanently stuck rewards in the Vault
* \#58473 \[SC-Low] Wrong redeemed amount calculation in MorphoYearnOGWETH strategy
* \#57378 \[SC-High] Impossible to withdraw yield from strategies
* \#58530 \[SC-High] Protocol insolvency via stale \`\_totalLocked\`: zeroed \`\_totalLocked\` prevents \`\_collateralWeight\` update in \`redeem()\` leading to missed collateral haircut
* \#56555 \[SC-Critical] User can avoid Bad Debt ratio scaling when claiming redeem, leading to protocol insolvency
* \#58110 \[SC-Low] MorphoYearnOGWETHStrategy will always report strategy loss
* \#58313 \[SC-Medium] Incorrect allocation accounting and dust handling in \`StargateEthPoolStrategy\` causes systematic loss, cap mis-accounting, and deallocation reverts
* \#58061 \[SC-High] Incorrect collateral and fee Check in \_doLiquidation Allows Liquidator to loose fee.
* \#57637 \[SC-Low] acceptAdminOwnership doesn't allow expected user approval
* \#56709 \[SC-Low] ZeroXSwapVerifier Missing Source Validation
* \#57208 \[SC-Insight] It is possible to prevent lowering the deposit cap by front-running
* \#57646 \[SC-Medium] ABI Signature Mismatch in ZeroXSwapVerifier Causes Complete Failure to Verify Legitimate 0x Settler Transactions
* \#58133 \[SC-Low] TOKE Rewards Permanently Locked in Strategy adapter
* \#57587 \[SC-Critical] \_earmark() reduction of transmuterDifference does not always account for the full transmuter balance diff which can cause permanent earmark to accrue in Alchemist
* \#57483 \[SC-Medium] Fees could be skipped when there is not enough collateral
* \#57771 \[SC-Medium] Fee not collected in \_forceRepay when should
* \#58718 \[SC-Medium] In \_forceRepay Protocol Fee Collection Leads to Theft of Unclaimed Yield
* \#58488 \[SC-Low] TokeAutoUSDStrategy claims rewards to itself automatically when deallocate is called but since reward token is Tokemak the rewards remain permanently locked
* \#57196 \[SC-High] Artificially inflated \`\_mytSharesDeposited\` in \`AlchemixV3.sol\` deflates bad debt ratio in \`Transmuter.sol\`
* \#58502 \[SC-High] Deposit cap denial of service due to stale \_mytSharesDeposited during liquidation
* \#58234 \[SC-Critical] There is a problem related ot Repayment Fee Overpayment can lead to Protocol Insolvency
* \#58491 \[SC-High] \_mytSharesDeposited Not Reduced on Liquidation, leading to Deposit Cap Bypass and potential insovency
* \#56628 \[SC-High] \`\_liquidate\` does not update \`\_mytSharesDeposited\` that is reduced by fees
* \#58395 \[SC-High] Repayment fee exit leaves \`\_mytSharesDeposited\` inflated, hiding protocol insolvency
* \#57533 \[SC-High] Inaccurate TVL Calculation Prevents Liquidations, Leading to Protocol Insolvency Risk
* \#58520 \[SC-Low] Pending admin cannot accept ownership
* \#58606 \[SC-High] Missing collateral accounting in liquidation leads to inflated bad debt calculations
* \#56545 \[SC-High] Force Repayment Leaves Stale Global Earmarks, Freezing Transmuter Redemptions
* \#56846 \[SC-Medium] Liquidation will return because of insufficient funds
* \#56719 \[SC-High] The function \_forcerepay reduces debt before clamp, creating unbacked loan forgiveness and protocol insolvency
* \#57123 \[SC-Low] Incorrect 2 step ownership in AlchemistCurator
* \#58464 \[SC-Critical] Repayment fee paid from protocol funds when user collateral is depleted
* \#58138 \[SC-Critical] Liquidator fees could surpass the user remaining collateral resulting in protocol insolvency
* \#56602 \[SC-Low] Function takes incorrect modifier
* \#58077 \[SC-Low] Reward tokens are incorrectly claimed to strategy contract during deallocation leads to permanent token loss
* \#57977 \[SC-High] Inconsistent rawLocked State of a user after subdebt Leads to Irrecoverable User Collateral Loss
* \#56737 \[SC-Medium] The return value of mint is not checked
* \#58334 \[SC-Medium] Incorrect Function Selectors
* \#58244 \[SC-Low] Incorrect balance check order in \`MorphoYearnOGWETH\` strategy leads to false deallocation loss events
* \#58033 \[SC-Medium] Unimplemented \`\_claimRewards()\` Function Results in Permanent Freezing of Aave Incentive Rewards
* \#57545 \[SC-Medium] Stargate ETH Strategy Rounding Bug

</details>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://reports.immunefi.com/alchemix-v3.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.