Missing swap-withdrawal validation enables accumulated token drainage

Any attacker will steal refund tokens from `GatewayTransferNative` users with failed cross-chain transactions to non-EVM chains

Any attacker will steal accumulated ZRC20 tokens from `GatewayTransferNative` contract

Fee calculation bug enables protocol fund drainage or transaction failures

Users withdrawing to Bitcoin will lose funds permanently when transactions fail

ETH Refunds Always Fail Due to Incorrect Transfer Function Usage in `onRevert`

Malicious Attackers Will Cause Denial of Service for Incoming Cross-Chain Transfers via GatewayCrossChain Contract

Cross-Chain Debt Tracking Failure Allows Unlimited Over-Borrowing

Cross-Chain Borrowing Non-Atomic Vulnerability with Guaranteed Exploit Window

Cross-Chain Repayment Accounting Error

Double Interest Calculation Causes Overly Restrictive Borrowing

Missing Validation in payWithERC20 Will Allow Unauthorized Token Transfers

Wrong amount is minted to user when they deposit into the lending pool

Faulty Gauge Weight Update Formula: Voting Power Delta Not Considered Leading to Arithmetic Underflow and Vote Weight Inconsistency

ZENO Token Redemption Returns Negligible USDC Amount Compared to Purchase Price

Incorrect decimal handling in `Auction::buy()` leads to massive overpayment for ZENO tokens

Users Can Overwrite Existing Locks in veRAACToken Resulting in Permanent Loss of Funds

Multiple issues from unnecessary balance increase calculation in DebtToken.mint

Incorrect Reward Claim Logic in FeeCollector::claimRewards Causes Denial of Service

Users can borrow more assets than they have deposited as collateral

Any attempt to liquidate a user will fail, because StabilityPool does not hold crvUSD during operational lifecycle

RToken is Not Interest Bearing Due to Broken Liquidity Index Calculation

Boost Miscalculation Leads to Excess Distribution

Interest Accrual Failure Due to Incorrect Scaling in RToken Implementation

Ineffective Time-Weighted Average Implementation in Fee Distribution

Voting Power Snapshot Missing

Users can lose additional collateral by depositing NFTs after grace period expiration

[H-2] Lack of Emergency Pause in `BaseGauge::stake` and `BaseGauge::withdraw

Incorrect utilization rate forces protocol to issue maximum rewards indefinitely

Treasury Contract Deposit Function Can Be Frontrun To Deny Protocol Operations

Liquidations are enabled when repayments are disabled, causing borrowers to lose funds without a chance to repay

Workingsupply would always be overwritten in boostcontroller.sol impacting reward calculations

closeLiquidation within LendingPool does not allow partial repayments, which can cause massive losses to users within edge case

Period Mismatch in Pool-Auction Interaction Will Prevent Reserve Transfer for Successful Auctions

Users Accumulate Bond Shares During Failed Auctions Without USDC Backing

USDC Blocklist Feature Can DOS Auction By Breaking Remove/Refund Logic

`SecondSwap_Marketplace` vesting listing order affects how much the vesting buyers can claim at a given step

Rounding error in stepDuration calculations.

Double Accounting of Fees will lead to an Inflated marketFunds

Lack of Validation for `tierConfigs[i].minted` Value in New Tiers During DAO Membership Update