owner can hide a staked nft via removeTokenIdAtIndex and inflate shares using this to make profit

Repeated staking into the same tranche duplicates entries thus breaking accounting

Stale tranche tracking after `extendedeposit` leads users to sandwich this and make profit before reset tranche is called

Stale rewardPerTokenStored enables reward drain when the same token is added again

ClaimRefund funds can be stolen by anybody

A malicious user can fully grief the refund mapping of a innocent user causing loss of funds to the users in the contract GatewayTransferNative.sol

Potential out of gas when frequently calling stake and unstake

Reward manipulation vulnerability in StabilityPool

Users can borrow more assets than they have deposited as collateral

Attackers can get most of RAACToken rewards by withdrawing dust amount from StabilityPool multiple times

Ownership Parameter Mismatch in LendingPool’s Vault Withdrawal Logic

Attackers can double voting power and veToken amount by locking and increasing

Incorrect accounting in `veRAACToken::emergencyWithdraw` and `veRAACToken::withdraw` due to missing `totalLocked` update

balanceOf(address(this)) in StabilityPool causes reward distribution to be higher than it should be

New markets are vulnerable to inflation attack

Market Funds Accounting Problem in ReputationMarket.sol

Platform fees withdrawal will sweep oracle agents earned fees

Unrestricted validation score range for validators in `LLMOracleCoordinator::validate`.

Users can list assets with price < 1 ERC20 (ETH, WETH), leading to potential DoS vulnerability.