Funds can be stolen by any attacker when user uses a cross-chain payload with a non-20-byte “receiver.”

Incorrect Unit Conversion in Participation Update Can Lead to Incorrect Allocation and Fund Loss

ZENO Token Redemption Returns Negligible USDC Amount Compared to Purchase Price

Canceled vote still get voted on and accumulate voting power in Goverance.sol

Unauthorized Vote Casting Vulnerability

`FeeCollector::updateFeeType` wrong fee share validation leads to impossible update for some fee types

Auction Price Calculation Fails to Reach Reserve Price Due to Integer Division Truncation

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

Voucher Pool Fee Exploit via Minimal Initial Contribution

Request responses and validations can be mocked leading to extraction of fees and/or forcing other generators to lose their fees by making them outliers

Sequential Fee Calculations Lead to Lost Platform Revenue Due to Precision Loss

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal

Looping over unbounded `pendingStakes` array can lead to permanent DoS and frozen funds

Zero address leads to transaction reverts

+= and -= are more expensive

Use of magic numbers

Chainlink oracle will return the wrong price if the aggregator hits `minAnswer`

Zero address check for tokens

using x=x+y /x=x-y is more gas efficient than x+=y / x-=y

Use `==` instead for `<=` for `uints` when comparing for `zero` values

Constants should be be used for hardcoded values

Spelling errors

Typos