The current implementation is incompatible with `WBTC` as collateral token

Frequent reward updates for tokens with less decimals will prevent stakers from receiving rewards

`StakingRewards` reward rate can be dragged out and diluted

`BaseGauge` users can claim rewards without staking

Users Can Overwrite Existing Locks in veRAACToken Resulting in Permanent Loss of Funds

Multiple issues from unnecessary balance increase calculation in DebtToken.mint

RToken's transfer function lead to loss of funds due to incorrect math

Users can borrow more assets than they have deposited as collateral

RToken is Not Interest Bearing Due to Broken Liquidity Index Calculation

Attackers can double voting power and veToken amount by locking and increasing

Incorrect Debt Token Accounting Due to Multiple Scaling Issues

Critical Economic Design Flaw in ZENO Zero-Coupon Bond Implementation Leads to Guaranteed User Losses

Future Stakers Gains More Rewards from Already Accumulated `rewardPerTokenStored` Causing Unfair Reward Distribution

[H-2] Lack of Emergency Pause in `BaseGauge::stake` and `BaseGauge::withdraw

Timelock Controller Retains Canceled Proposals, Enabling Unauthorized Execution and severe Governance Voting manipulation.

Missing Vote Frequency Control in GaugeController

Incorrect accounting in `veRAACToken::emergencyWithdraw` and `veRAACToken::withdraw` due to missing `totalLocked` update

`MAX_TOTAL_SUPPLY` Bypass in `veRAACToken` via `increase()` Function

Incorrect DebtToken totalSupply Scaling Breaks Interest Rate Calculations

Incorrect Return Values and Double Scaling in `RToken.burn` Function Leads to Denial of Service

RToken.transferFrom() Does Not Scale User Balances Due to Stale Liquidity Index

LendingPool deposits do not work with CurveVault due to lack of funds

Emergency Withdrawal Remains Active After Cancellation

Incorrect Period Transition Logic in Reward Distribution

Time-skew Attack in RWAGauge Weight Calculations Through Precision Gaming

Failure to update `lastClaimTime` mapping when users claim rewards in FeeCollector Causes Time-Based Reward Calculation Issues

Canceled vote still get voted on and accumulate voting power in Goverance.sol

Emergency Timelock Bypass: No Enforced 1-Day Delay for Emergency Actions

Lack of enforcement of the `MAX_TOTAL_LOCKED_AMOUNT`

Improper Lock State Updates: Misreported Locked Token Data infects Governance Participation, rewards distribution and Harms Protocol Trust.

Incorrect Initialization of minBoost in BaseGauge Constructor Breaks Core Contract Functionality

Missing Checkpoint Reset in `veRAACToken::emergencyWithdraw` Function

Missing Pause Functionality in veRAACToken Contract Can Be Abused When Emergency Withdrawal Mechanism Is Activated

`FeeCollector::updateFeeType` wrong fee share validation leads to impossible update for some fee types

`DebtToken::burn`'s Return Values are wrong

Incorrect Values Returned in ReserveLibrary `withdraw` Function

Insufficient ETH Forwarding in Governance Execution Mechanism Causes Proposal Failures

Missing `BaseGauge::distributionCap` validation leads to over-emission of rewards

Missing Check for Gauge Activation Status in vote :: GaugeController.sol

Missing Validation for Minimum Vote Weight in `vote` Function

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

Incorrect sequence of AaveDIVAWrapper constructor parameters

NativeMetaTransaction.sol :: executeMetaTransaction() failed txs are open to replay attacks.

Lack of Access Control on Raffle Cancellation Allows Arbitrary Users to Disrupt Raffle Creation

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

TokenManager - Unlimited withdraw

Formulaic Error Rounds Down Causing Total Loss Of Funds For Bid Takers During Abort

Malicious user can drain protocol by bypassing `ASK` offer abortion validation in `Turbo` mode

An Uninitialized Variable In The `MarketConfiguration::update` Function Causes The `PrepMarket::getIndexPrice` Function To Revert

Incompatibility with Multisig Wallets in `TempleGold::send` Function

Auction tokens cannot be recovered for the first ever spice auction

ThorChain will be informed wrongly about the unsuccessful ETH transfers due to the incorrect events emissions