Tapioca DAO Sherlock About Sherlock coverage: https://x.com/sherlockdefi/status/1780909550033379622 Personal X Announcement: https://x.com/windhustler/status/1780933785220981019 Reports Risk Title 🟥 High All ETH can be stolen during rebalancing for mTOFTs that hold native 🟥 High Pending allowances can be exploited 🟥 High TOFT can be forcefully unwrapped resulting in long-term DoS 🟨 Medium Composing approval with other messages is subject to DoS 🟨 Medium StargateRouter cannot send payloads and rebalancing of ERC20s is broken 🟨 Medium mTOFT can be forced to receive the wrong ERC20 leading to token lockup 🟨 Medium Stargate Pools conversion rate leads to token accumulation inside the Balancer contract 🟨 Medium Gas parameters for Stargate swap are hardcoded leading to stuck messages 🟨 Medium TOFTMarketReceiverModule::marketBorrowReceiver flow is broken 🟨 Medium Pausable is not implemented 🟨 Medium LeverageExecutor is not working inside BBLeverage and SGLeverage