PM borrow liabilities are omitted from backing, allowing phantom surplus settlement

close_liquidity_mining_rewards can confiscate already-earned rewards from passive pre-existing users

Debt-side ADL checks global reserve debt instead of per-group debt, so one e-mode group can force-liquidate healthy users in another group

Epoch-boundary checkpoints retroactively qualify for the previous epoch's rewards

Variable Overwrite in checkPoolAndGetCenterPrice() Creates Dead-Code Deviation Check, Leaving All V3 Protocol-Owned Liquidity Operations Unprotected

UniswapPriceOracle.validatePrice() TWAP Calculation Flaw

Arbitrum Retryable-Ticket Refund/Value Not Verified Enables Timelock ETH Exfiltration

Incorrect clamp in MoneyMarket normal withdraw allows over-withdrawal from Liquidity, leading to direct theft of pooled user funds

Stored-credit IOU is assigned to `to_` but only claimable by `msg.sender`, permanently locking funds on Liquidity failure

MergeTgt has no handling if TGT_TO_EXCHANGE is exceeded during the exchange period

Improper Transfer Restrictions on Non-Bridged Tokens Due to Boolean Bridged Token Tracking, Allowing a DoS Attack Vector

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

Users can claim more that their actual allotment

Listing potential can not be purchased with discounted price

Incorrect listing type validation bypasses enforcement of minimum purchase amount

Unauthorized Contracts Can Bypass Precompile Authorization via delegatecall in Kakarot zkEVM

Three valid signatures for the same message

There is no refund mechanism in `ChakraSettlement.processCrossChainCallback` or `ChakraSettlementHandler.receive_cross_chain_callback` function

_onTransferReceived() does not work as intended