In `FluidLocker::provideLiquidity` an adversary can bypass the required 1% pump, breaking the intended buy pressure function for all LP providers

`CoreRouter.sol` allows new borrowers to borrow way more than their collateral should allow them to

Adversary can frontrun `_handleValidBorrowRequest()` to redeem or borrow again even though he has already received the borrowed tokens

`CoreRouter.sol`’s `repayBorrowInternal` incorrectly updates `same chain` borrow balances on `cross chain` repayments

A whale adversary can grief the redeem functionality through redeem limit consumption

`Launch.sol::updateParticipation` uses an incorrect variable to check the minimum user token allocation allowed, which can result in an underflow DOS in certain instances

`userTokens` accounting in `Launch.sol::updateParticipation` is updated incorrectly and can lead to loss of user funds, DOS and a broken invariant

Bad actors can manipulate USDT/USDA exchange rates in `CDS.redeemUSDT()` to redeem an unlimited amount of USDT until Treasury is drained

`borrowing.renewOptions()`'s promised 30 days 80% downside protection is not enforced in the `borrowing.liquidate()` or anywhere in the `borrowing.sol`

CDS deposits' `lockingPeriod` is not enforced in CDS.withdraw(), allowing premature exits and creating unfair advantages

Incorrect global borrower count decrement in `BorrowLib.withdraw()` due to local chain validation

Malicious users can completely evade the slashing in `EthosVouch::slash` by unvouching before `slash` is called, due to the missing 24h lockdown period implementation, resulting in lost slashing fees for Ethos