Users Can Overwrite Existing Locks in veRAACToken Resulting in Permanent Loss of Funds

Reward manipulation vulnerability in StabilityPool

Ownership Parameter Mismatch in LendingPool’s Vault Withdrawal Logic

Treasury Balance Tracking Bypass in FeeCollector

Attackers can double voting power and veToken amount by locking and increasing

Users can lose additional collateral by depositing NFTs after grace period expiration

Missing Boost Balance and other parameters Update in veRAACToken Functions. Incomplete Boost State Updates Result in Inaccurate Voting Power and Reward Distribution

LendingPool deposits do not work with CurveVault due to lack of funds

Liquidation Cannot Be Closed Even With Healthy Position Due To Strict Debt Check

There is no logic checking for RAACNFT price staleness before minting it

Concurrent Oracle Fulfillments Overwrite House IDs, which leads to Incorrect Pricing

Token Accounting Mismatch Between tick() and mintRewards() in RAACMinter

[L-1] Inaccurate boost calculations in `veRAACToken` due to wrong input parameter

Unauthorized Vote Casting Vulnerability

Missing Pause Functionality in veRAACToken Contract Can Be Abused When Emergency Withdrawal Mechanism Is Activated

Incorrect Timestamp Tracking in RAACHousePrice contract

Incorrect Values Returned in ReserveLibrary `withdraw` Function

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

Fee Recipient Shares Cannot Be Decreased When Total Fee recipients’s share is at Max Limit

Attacker can DoS in `DebitaLendOffer-Implementation::cancelOffer` Locking Users Funds

Incentive Exploit via Matching Lend and Borrow Offers

No LSTs transfer on node operator withdrawals resulting in stuck funds and loss for node operators

No way to update unbonding and claim periods

Failure to Delete Old Listings in `Listings::reserve` Allows Unauthorized Withdrawal of Reserved Items

Any user calling the `Locker::initializeCollection` function will loose both their ERC721 tokens and the ETH (WETH) they provide.

`shareBalance` bloating eventually blocks curator rewards distribution

`PhiFactory:claim` Potentially Causing Loss of Funds If `mintFee` Changed Beforehand

Refunds sent to incorrect addresses in certain cases

Incorrect Fee Handling Prevents Protocol from Updating Fees

[H-01] Incorrect Parameters in `WinnablesTicketManager::propagateRaffleWinner` Can Block Prize Claims

`mintToken()`, `mintWithBudget()`, and `forge()` in the `TraitForgeNft` Contract Will Fail Due to a Wrong Modifier Used in `EntropyGenerator.initializeAlphaIndices()`

Wrong minting logic based on total token count across generations