Debt ADL threshold uses reserve-wide debt instead of the configured EMode-group borrow

Rate-limit capacity can be grief-burned across segment boundaries because inflow reductions only touch the current segment

Arbitrum Retryable-Ticket Refund/Value Not Verified Enables Timelock ETH Exfiltration

BuilderWallet `init()` is unprotected/re-initializable, enabling takeover and theft of builder fees

Cross-contract reentrancy in liquidation enables conversion of phantom shares to real shares, draining CollateralTracker assets

`InterestModel.calculateInterest()` can divide by zero when `wadExp()` underflows to 0, causing persistent interest-accrual failure

Missing access control in `WERC7575Vault` allows unauthorized withdrawals

Majority consensus threshold not enforced for even number of nodes

Unbounded associations per account make recovery initiation linear-time

`set_invocation_costs_config()` fails to authorize admin allowing anyone to set invocation costs

Systematic Overcharge in prices and x_prices: Fee Charged for Requested Records While Return is Capped at 20

`twap()` under-charges for multi-period queries due to hardcoded `periods=1`

Session signatures replay across wallets due to missing wallet binding

Fee collection DoS on native currency pools

Bucket reward wipe via stake/unstake index reset

Remote process crash (OOM) via post‑serialization size check and large batch aggregation in JSON‑RPC

Zero Config Values Can Crash or Stall the Prover Indefinitely

Total reward shares for token can reach zero after unlocking, causing `GTELaunchpadV2Pair` to be bricked

Price Accumulators Overflow in GTELaunchpadV2Pair contract Causes AMM-wide DoS