A defi aggregator vault used delegatecall to execute strategy contracts, creating critical storage manipulation vulnerabilities. Malicious strategies could modify vault permissions and drain all deposited funds. Impact: 0M+ at risk.