Learn from Reading Audit Reports (Sturdy Report)


Walkthrough of the Sturdy audit report from Code4rena. Learn to find more bugs by reading past audit reports.
https://code4rena.com/reports/2022-05-sturdy

Links to similar findings
https://github.com/andyfeili/sturdy

Smart Contract Auditing - Beginner Roadmap
https://www.youtube.com/watch?v=-469Gcye-ZE

Contents:
0:00 - [Intro]
5:22 - [H-01 Hard-coded slippage may freeze user funds during market turbulence]
8:21 - [H-02 The check for value transfer success is made after the return statement in _withdrawFromYieldPool of LidoVault]
8:49 - [M-01 Possible lost msg.value]
10:38 - [M-02 UNISWAP_FEE is hardcoded which will lead to significant losses compared to optimal routing]
13:40 - [M-03 processYield() and distributeYield() may run out of gas and revert due to long list of extra rewards/yields]
15:01 - [M-04 ConvexCurveLPVault’s _transferYield can become stuck with zero reward transfer]
16:22 - [M-05 Withdrawing ETH collateral with max uint256 amount value reverts transaction]
17:01 - [M-06 Yield can be unfairly divided because of MEV/Just-in-time stablecoin deposits]
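To make the H-02 pattern concrete, here is an added illustration (not Sturdy's code and not from the Code4rena report): a hypothetical `WithdrawCheckExample` contract with a buggy `withdrawBuggy` that places the `require` on the low-level call's success flag after `return`, beside `withdrawFixed` that checks it first. The contract name, function names and balance bookkeeping are all assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Illustrative contract (hypothetical, not Sturdy's code) showing the
/// H-02 anti-pattern: the success check on an ETH transfer is written
/// after `return`, so it is unreachable and a failed transfer is reported
/// as a successful withdrawal.
contract WithdrawCheckExample {
    mapping(address => uint256) public balances;

    receive() external payable {
        balances[msg.sender] += msg.value;
    }

    /// BUGGY: solc only warns about the unreachable `require`; the function
    /// still compiles. If `to` rejects ETH (e.g. a contract without a payable
    /// fallback), `success` is false, the ETH stays in this contract, the
    /// caller's balance has already been reduced, and `amount` is returned
    /// as if the payout happened.
    function withdrawBuggy(address to, uint256 amount) external returns (uint256) {
        balances[msg.sender] -= amount;
        (bool success, ) = to.call{value: amount}("");
        return amount;
        require(success, "ETH transfer failed"); // never executed
    }

    /// FIXED: check the call result before returning, so a failed transfer
    /// reverts and the balance deduction above is rolled back with it.
    function withdrawFixed(address to, uint256 amount) external returns (uint256) {
        balances[msg.sender] -= amount;
        (bool success, ) = to.call{value: amount}("");
        require(success, "ETH transfer failed");
        return amount;
    }
}
```

When reviewing a `_withdraw`-style function, scan for any statement after an unconditional `return` and for low-level `call` results that are never read; both are cheap static checks that would have flagged this class of bug before reading the rest of the logic.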
