`Strategy collectFees` uses incorrect position range in `vestPosition` fee collection

Users can steal borrowed funds during `Leverager::withdraw` when `token1` is the borrowed `denomination`

Wrong amount is minted to user when they deposit into the lending pool

`BaseGauge` users can claim rewards without staking

Multiple issues from unnecessary balance increase calculation in DebtToken.mint

RToken is Not Interest Bearing Due to Broken Liquidity Index Calculation

Double Usage Index Scaling in StabilityPool Liquidation Inflates Required CRVUSD Balance

Gauge reward system can be gamed with repeatedly stake/withdraw

Missing Vote Frequency Control in GaugeController

Incorrect utilization rate forces protocol to issue maximum rewards indefinitely

Incorrect DebtToken totalSupply Scaling Breaks Interest Rate Calculations

Incorrect Return Values and Double Scaling in `RToken.burn` Function Leads to Denial of Service

Treasury Contract Deposit Function Can Be Frontrun To Deny Protocol Operations

Emergency revoke in RAACReleaseOrchestrator will freeze revoked RAAC tokens in orchestrator

Unrestricted proposal cancellation allows governance process manipulation

Wrong access control in `RAACToken::setFeeCollector`, `RAACToken::setSwapTaxRate`, `RAACToken::setBurnTaxRate`

FeeCollector stakeholders may receive less fee distribution due to unnecessarily precision loss

`mint` function in RToken contract doesn't return the correct expected values, leading to emission of ReserveLibrary `Deposit` event and LendingPool `Deposit` event with incorrect values.

Missing Controller Functions in GaugeController

`FeeCollector::updateFeeType` wrong fee share validation leads to impossible update for some fee types

Missing `BaseGauge::distributionCap` validation leads to over-emission of rewards

`DebtToken::burn()` event parameters and return values ​​are incorrect

Wrong event emitted in `LendingPool::_repay`

Inconsistent time boundary check in `Governance::state` and `Governanane::castVote`

Rounding error in stepDuration calculations.

Minting zero tokens when underlyingToken is not Ether in cashIn()

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

[Low-01] Missing Access Control in `CapitalPool::approve()` Function Allows any User to call it to set Allowance Amount `TokenContract` to `type(uint256).max`.

Validation of `collateralRate` in `PerMarkets::createOffer` function

CreateOffer allows eachTradeTax to be 100% ( 10000 bp ) violating code assumptions

QA Report - 0xStalin - Low Severities

Incompatibility with Multisig Wallets in `TempleGold::send` Function

```LibUnripe::getTotalRecapitalizedPercent``` returns wrong ```recapitalizedPercent``` if ```totalUsdNeeded``` is 0

Missing validation for ```totalUsdNeeded``` in ```LibUnripe::getPenalizedUnderlying``` can lead to the ```urBean``` chopping block

```LibWstethEthOracle::getWstethEthPrice``` returns wrong ```wstETH/ETH``` price in some conditions impacting system operations

Rewards can be drained because of lack of access control

`costInEuros` calculation will incur precision loss due to division before multiplication

Division before multiplication results in lower `dittoMatchedShares` distributed to users

Malicious/Compromised organiser can reclaw all funds, stealing work from supporters

Centralization Risk for trusted organizers

Precision loss when calculating the health factor