Whitelist Bypass in Agent Creation Functions Allowing Unauthorized Access

Faulty Gauge Weight Update Formula: Voting Power Delta Not Considered Leading to Arithmetic Underflow and Vote Weight Inconsistency

ZENO Token Redemption Returns Negligible USDC Amount Compared to Purchase Price

Incorrect decimal handling in `Auction::buy()` leads to massive overpayment for ZENO tokens

`BaseGauge` users can claim rewards without staking

Incorrect Reward Claim Logic in FeeCollector::claimRewards Causes Denial of Service

Users can borrow more assets than they have deposited as collateral

Any attempt to liquidate a user will fail, because StabilityPool does not hold crvUSD during operational lifecycle

Ineffective Time-Weighted Average Implementation in Fee Distribution

Users can lose additional collateral by depositing NFTs after grace period expiration

[H-2] Lack of Emergency Pause in `BaseGauge::stake` and `BaseGauge::withdraw

Incorrect utilization rate forces protocol to issue maximum rewards indefinitely

Treasury Contract Deposit Function Can Be Frontrun To Deny Protocol Operations

Liquidations are enabled when repayments are disabled, causing borrowers to lose funds without a chance to repay

closeLiquidation within LendingPool does not allow partial repayments, which can cause massive losses to users within edge case