Potentially Undercollateralized Loans Can Be Accepted

Wrong Redeem Amount Transferred

USDT Transfers Will Fail Due To No Boolean Returned On Mainnet

Improper Transfer Restrictions on Non-Bridged Tokens Due to Boolean Bridged Token Tracking, Allowing a DoS Attack Vector

Public `ServiceNft::updateImpact` call leads to cascading issue

Functions in FERC20 can't be invoked

No slippage protection during adding liquidity to uniswap

[H-1] Missing totalSupply Reduction in burnFrom Allows Supply Manipulation (ERC20 Violation)

Missing Slippage Protection On Buy And Sell

PerpetualVault can be completely bricked

getExecutionGasLimit() reports a lower gas limit due to gasPerSwap miscalculation

Functions that rely on chainlink prices cannot be queried on avalanche due to sequencer uptime check.

Incorrect Token Price Validation in KeeperProxy

Protocol Recovery Mechanism at Risk Due to Unhandled Token Transfer Failures

`BaseGauge` users can claim rewards without staking

Users Can Overwrite Existing Locks in veRAACToken Resulting in Permanent Loss of Funds

Multiple issues from unnecessary balance increase calculation in DebtToken.mint

Incorrect Reward Claim Logic in FeeCollector::claimRewards Causes Denial of Service

RToken's transfer function lead to loss of funds due to incorrect math

Users can borrow more assets than they have deposited as collateral

Attackers can get most of RAACToken rewards by withdrawing dust amount from StabilityPool multiple times

NFTs Get Permanently Locked in Stability Pool After Liquidation

Double Usage Index Scaling in StabilityPool Liquidation Inflates Required CRVUSD Balance

Ownership Parameter Mismatch in LendingPool’s Vault Withdrawal Logic

Treasury Balance Tracking Bypass in FeeCollector

Gauge rewards are not transferred to gauge when distributeRewards() is called

Untracked Direct Fee Transfers from RAACToken to FeeCollector Break Fee Distribution System

Voting Power Snapshot Missing

Stability pool does not consider RToken balance increase when DEToken is withdrawn

Multiple calls to `BaseGauge::notifyRewardAmount()` override existing reward rate, causing loss of rewards for stakers

[H-2] Lack of Emergency Pause in `BaseGauge::stake` and `BaseGauge::withdraw

Timelock Controller Retains Canceled Proposals, Enabling Unauthorized Execution and severe Governance Voting manipulation.

`MAX_TOTAL_SUPPLY` Bypass in `veRAACToken` via `increase()` Function

Gauge reward period can be extended indefinitely

Incorrect utilization rate forces protocol to issue maximum rewards indefinitely

Incorrect DebtToken totalSupply Scaling Breaks Interest Rate Calculations

Incorrect Return Values and Double Scaling in `RToken.burn` Function Leads to Denial of Service

LendingPool deposits do not work with CurveVault due to lack of funds

Users Can Lose Funds and Collateral by Repaying Loans After Liquidation Grace Period Expiry

Liquidation Cannot Be Closed Even With Healthy Position Due To Strict Debt Check

Using balanceOf Instead of Voting Power

There is no logic checking for RAACNFT price staleness before minting it

`RToken::calculateDustAmount` are incorrectly calculated, leading to not be able to transfer the accrued dust amount

Liquidations are enabled when repayments are disabled, causing borrowers to lose funds without a chance to repay

Owner Can Change Vote Results After Voting Ends by Updating Quorum Numbers for New proposals

Emergency revoke in RAACReleaseOrchestrator will freeze revoked RAAC tokens in orchestrator

User may not be able to increase the amount of locked RAAC tokens

Missing Liquidity Rebalancing in Repayments and Liquidations Leading to Inefficient Liquidity Management

Permanent boost inflation through delegation removal in Boostcontroller.sol

Failure to Withdraw Liquidity to RToken.sol Before Changing Curve Vault Address

Multiple Token Management Lets Withdraw a Token Different than Deposited Token

Proposal Front-Running via Predictable Salt in `TimelockController::scheduleBatch`

Misuse of Raw vs. Normalized Values in Utilization Rate Calculation

Interest Rate Model Uses Prime Rate Instead of Optimal Rate at Optimal Utilization

balanceOf(address(this)) in StabilityPool causes reward distribution to be higher than it should be

Users Cannot Remove Their Own Boost Delegation, Causing Potential Lock-In

Incorrect Utilization Rate Calculation in `updateInterestRatesAndLiquidity`

The earned yield from the Curve vault can never be utilized when withdrawing or borrowing

Canceled vote still get voted on and accumulate voting power in Goverance.sol

Emergency Timelock Bypass: No Enforced 1-Day Delay for Emergency Actions

Impossible to rescue funds from `RToken` contract

Incorrect Initialization of minBoost in BaseGauge Constructor Breaks Core Contract Functionality

Missing Checkpoint Reset in `veRAACToken::emergencyWithdraw` Function

Missing Pause Functionality in veRAACToken Contract Can Be Abused When Emergency Withdrawal Mechanism Is Activated

`FeeCollector::updateFeeType` wrong fee share validation leads to impossible update for some fee types

Boost Delegation Allows Invalid Recipients on BoostController

Insufficient ETH Forwarding in Governance Execution Mechanism Causes Proposal Failures

Deposits/Withdrawals can be DOS'ed if crvVault::withdraw produces any losses

Incorrect Comparison Between Scaled and Unscaled Amounts in _repay

The calculation of `totalAssets()` could be wrong if `operatorFeeAmount` > 0, this can cause potential loss for the new depositors

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

[M-3] Anyone can deploy a new `FraxSwapPair` with a Low fee incurring losses to the protocol

Incorrect Credit Capacity Validation in `VaultRouterBranch.redeem` Enables Locked Collateral Drainage

Multiple instances where Vault's `totalAssets()` is not properly scaled to ZAROS precision

Underflow when updating credit delegation will result protocol DoS

Vaults weth reward is not distributed correctly

Unclaimed Rewards Loss Due to Missing Validation in `VaultRouterBranch.stake()`

Fee Recipient Shares Cannot Be Decreased When Total Fee recipients’s share is at Max Limit

Refund Underflow in Swap Refund Logic Leading to Locked Funds

Wrong values of newly added `vault`

Lack of credit capacity update from VaultRouterBranch::deposit causes DOS in CreditDelegationBranch::depositcreditformarket

`checkFeeDistributionNeeded` Will Not Work With Low Decimal Assets

Incorrect weight assignment in Vault::updateVaultAndCreditDelegationWeight leads to overleveraging vault positions and insolvency

No Mechanism to Remove Fee Recipients Can Lead to Failed Reward Distributions

rebalanceVaultsAssets incorrectly accounts vaults' depositedUsdc

`initiateSwap` allows users to initiate swap even when the vault is paused

Lack of an update of the pool state will cause Initiate Swap to return an incorrect Amountout

Total debt used in fulfiling swap actions is wrong because we did not update the vault.

Out-of-Bounds Array Access in `_calculateQuantAMMVariance` with Odd Number of Assets and Vector Lambda

quantAMMSwapFeeTake used for both getQuantAMMSwapFeeTake and getQuantAMMUpliftFeeTake.

`setUpdateWeightRunnerAddress` could break the protocol

not adding `claimable` balance to the total assets in `_harvestAndReport` can cause losses.

Missing Router Update Mechanism in StrategyMainnet Contract

Old router retains token allowance after update

In `transferVesting`, the `grantorVesting.releaseRate` is calculated incorrectly, which leads to the sender being able to unlock more tokens than were initially locked.

MarketPlace Change In Vesting Manager, Leads To Loss Of Previous MarketPlace Listing

Creator of one vesting plan can affect vesting plans created by other users.

`buyFee` And `sellFee` Should Be Known Before Purchase

Incorrect referral fee calculations

Minting zero tokens when underlyingToken is not Ether in cashIn()

Anyone can call `LamboRebalanceOnUniwap.sol::rebalance()` function with any arbitrary value, leading to rebalancing goal i.e. (1:1 peg) unsuccessful.

Since the cost of launching a new pool is minimal, an attacker can maliciously consume VirtualTokens.

`LamboRebalanceOnUniswap::_getTokenInOut` formula used to compute rebalancing amount is wrong for a UniV3 pool

Missing Slippage Protection Will Lose Funds Of Users When Selling Votes

No protection implemented against listing clone NFTs

Subtraction in `variance()` will revert due to underflow

Potential underflow vulnerability in score range calculation of `LLMOracleCoordinator::finalizeValidation`, leading to DoS.

Platform fees withdrawal will sweep oracle agents earned fees

Request responses and validations can be mocked leading to extraction of fees and/or forcing other generators to lose their fees by making them outliers

Users can list assets with price < 1 ERC20 (ETH, WETH), leading to potential DoS vulnerability.

Update state requests or Purchase requests occurring at the end of the phase will not process

Inaccurate best response selection in `LLMOracleCoordinator::getBestResponse`.

Sequential Fee Calculations Lead to Lost Platform Revenue Due to Precision Loss

Consensus Mechanism Allows Participation Of Voters With Insufficent Stake

`SablierFlowBase` Lacks `EIP-165` Compliance for `EIP4906` Interface Support

Remove splitter will always revert if there are some rewards left on splitter contract

Removed vaults still remain valid in `OperatorVCS`

[WithdrawalPool.sol] Prevent efficient return of data in getBatchIds() by blocking updateWithdrawalBatchIdCutoff() update of newWithdrawalIdCutoff

AuraVault inherits AccessControl BUT does not call the _setupRole() function in it's constructor to set the initial roles, this leads to a complete DOS of the important claim function rendering the contract unable to claim rewards

`PendleLPOracle::_fetchAndValidate` uses Chainlink's deprecated `answeredInRound`

Invalid validation allows users to unlock early

Single plot can be occupied by multiple renters

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal

Incompatibility with Multisig Wallets in `TempleGold::send` Function

Changes to vesting period is not handled inside `_getVestingRate`

Vultisig whitelisting can be bypassed by anyone

Vultisig should be burnable

Due to the use of `msg.value` in for loop, anyone can drain all the funds from the `THORChain_Router` contract

High 01 DoS In Claiming

Invalid validation allows users to unlock early

Single plot can be occupied by multiple renters

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal