LP Redelegation Uses Inaccurate Internal Tracker Amount, Leading to Potential Failures or Orphaned Funds

Critical Unauthorized ERC20 Token Draining Vulnerability in Payment Contract's payWithERC20 Function

An attacker will dilute rewards for legitimate stakers

[H-1] Missing totalSupply Reduction in burnFrom Allows Supply Manipulation (ERC20 Violation)

RAACNFT mint function receives funds to address(this) but has no way of withdrawing them

Workingsupply would always be overwritten in boostcontroller.sol impacting reward calculations