Any depositor can pay for liquidity but receive zero shares, causing principal loss to the depositor in Liq.modify

Makers can permanently lock JIT penalty revenue from the protocol treasury

Denial of service for makers as any above-range partial liquidity reduction via adjustMaker

Maker adding small liquidity can trigger full-position JIT penalty on long-term LPs

Takers can underpay interest by exceeding 100% utilization, harming makers

An attacker can steal victim collateral

First depositor after zero-supply window will capture retroactive emissions from reward pool

Attacker can inflate share price and drain deposits from PortfolioToken users in PortfolioToken. _subDepositRewardsPoolCheck

MixedPriceOracleV4 will mis-detect price divergence and revert operations for protocol users in MixedPriceOracleV4. _getLatestPrice

Authorized Rebalancer EOA will cause denial-of-service for rebalancing on a (dstChainId, token) pair

SignatureRedeemQueue will revert ETH redemptions for users in SignatureRedeemQueue

Non-whitelisted sender can bypass transfer whitelist, blocking legitimate transfer in ShareManager.updateChecks

Disallowed asset in subvault will revert redeem, denying withdrawals in BasicRedeemHook.callHook

Zero Interest Rate Attack Due to Uninitialized Multiplier Due utilizationData.multiplier

Any user will permanently disable withdrawals for all users

Any user will block multi-token withdrawals for WETH-based vault depositors on CurveConvex2Token.unstakeAndExitPool

Any user can permanently lock withdrawal funds of LP users - AbstractSingleSidedLP.finalizeAndRedeemWithdrawRequest

Any EVM address can steal cross-chain refunds from legitimate recipients

Attacker can drain any ERC-20/ZRC-20 held by GatewayTransferNative, stealing users’ funds

Library mis-read the flag non-zero byte on decompressAccounts

Incorrect lToken-credit calculation in CoreRouter.supply()

Stale-rate payout error in CoreRouter.redeem()

Cross-Chain Liquidation Token Address Mismatch Vulnerability

Cross-Chain Router _checkLiquidationValid Liquidation Validation Bug

LEND Token Double-Claiming Vulnerability

_handleValidBorrowRequest in CrossChainRouter - Interest Calculation Bug

Double Interest Calculation in CoreRouter.borrow

Precision loss in `toPackedFloat` function when mantissa is in range - (`MAX_M_DIGIT_NUMBER`, `MIN_L_DIGIT_NUMBER`)

Lack of Access Control in `AgentNftV2::addValidator()` Enables Unauthorized Validator Injection and Causes Reward Accounting Inconsistencies

Public `ServiceNft::updateImpact` call leads to cascading issue

Precision loss in priceALast, priceBLass