Faulty Gauge Weight Update Formula: Voting Power Delta Not Considered Leading to Arithmetic Underflow and Vote Weight Inconsistency

Incorrect decimal handling in `Auction::buy()` leads to massive overpayment for ZENO tokens

Users Can Overwrite Existing Locks in veRAACToken Resulting in Permanent Loss of Funds

Multiple issues from unnecessary balance increase calculation in DebtToken.mint

Double Usage Index Scaling in StabilityPool Liquidation Inflates Required CRVUSD Balance

Ownership Parameter Mismatch in LendingPool’s Vault Withdrawal Logic

Stability pool does not consider RToken balance increase when DEToken is withdrawn

Incorrect utilization rate forces protocol to issue maximum rewards indefinitely

Incorrect DebtToken totalSupply Scaling Breaks Interest Rate Calculations

LendingPool deposits do not work with CurveVault due to lack of funds

LendingPool.getUserDebt returns outdated value and can lead to liquidation failure

User may not be able to increase the amount of locked RAAC tokens

Incorrect BoostCalculator::endTime expectations cause DOS which attackers can use to manipulate key votes

Incorrect Initialization of minBoost in BaseGauge Constructor Breaks Core Contract Functionality

Underflow when updating credit delegation will result protocol DoS

The protocol is insolvent

No way to set UsdTokenSwapConfig pd curve parameters

No Auction can succeed

buyVotes have an accounting error that make the protocol insolvent

increaseVouch reward the own vouch of the caller

The buyVotes function charge fees for votes that the user didn't buy

A mallicious user can avoid a slashing event during the evaluation period of the slasher contract

TaxTokensReceipts is not usable as collateral in the Auction contract

The buyer can not receive his NFT in the BuyOrder contract

DOS in extendLoan because of an Underflow

extendLoan will always charge the max fees for the borrower

DOS attack in the lendOrderFactory

Loss of funds for a user due to incorrect state updates while unstaking

TokenManager - Unlimited withdraw

Native token withdrawal fails until manually approved

`DeliveryPlace::settleAskTaker` Has Incorrect Access Control

The `DeliveryPlace::settleAskTaker()` function mistakenly uses `makerInfo.tokenAddress` to update the `TokenBalanceType.PointToken` in the `userTokenBalanceMap` mapping, leading to a critical error.

Token withdrawal fails until someone manually approves spending

[H-4] The function `PreMarkets::listOffer` charges an incorrect collateral amount, allowing users to manipulating collateral rates and drain the protocol's funds

Users' newly created positions can be prematurely closed and removed from the vault directly after they are created

Due to interest rates update method, Interest-Free Loans are possible and the Cost of DoS are reduced

Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`

Unauthorized Access to setCurves Function

Protocol and referral fee would be permanently stuck in the Curves contract when selling a token

Selling will be bricked if all other tokens are withdrawn to ERC20 token

A subject creator within a single block can claim holder fees without holding due to unprotected reentrancy path

onBalanceChange causes previously unclaimed rewards to be cleared

PnL system can be broken by large users intentionally or unintentionally.