Precision Loss in Reward Calculations Undermines User Rewards

Locked funds due to underflow in withdrawal

[m-01] Withdraw Calculation Bug

[LP-01] Unit Mismatch in Participation Updates to over/under charging during participation updates

Critical Logic Mismatch in updateParticipation() Leads to Guaranteed Reverts or Corrupted Token Allocations

Wrong refundExecutionFee in _handleReturn

Wrong index causes last depositor to always get execution fee refund if cancelFlow is called by keeper to cancel a withdrawal

PerpetualVault withdrawals are affected by global parameter updates

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

Ineffective proposal threshold validation allows setting arbitrary high values

Incorrect sequence of AaveDIVAWrapper constructor parameters

Rounding Arbitrage (Different Rounding for Trust vs. Distrust)

not adding `claimable` balance to the total assets in `_harvestAndReport` can cause losses.

Old router retains token allowance after update

Missing slippage protection in `AerodromeDexter.sol` `swapExactTokensForTokens()`

Users can claim more that their actual allotment

Creator of one vesting plan can affect vesting plans created by other users.

Listing potential can not be purchased with discounted price

updateDownsideProtected() to Deny Service and Cause Protocol Disruption

[M-03] No limit to how many orders can be pushed into pendingOrderIds[], potentially lead to DoS

Incorrect Freshness Logic Validation in PythOracle breaking the entire mechanism for triggering orders

Attacker will Deny Service by Manipulating downsideProtected in updateDownsideProtected()

Potential Integer Division Precision Loss in boostPrice Function Leads to Inaccurate Price Calculations