Unrestricted Multiple Claims of LEND Rewards Due to Missing Claim Tracking

Cross-Chain Borrow Accounting Bypass Allows Unlimited Borrowing

Inconsistent State Restoration in `cancelWithdrawal` Function

Wrong amount is minted to user when they deposit into the lending pool

Delegation Boost Not Usable by Delegatees

Users Can Overwrite Existing Locks in veRAACToken Resulting in Permanent Loss of Funds

Users can borrow more assets than they have deposited as collateral

Missing Vote Frequency Control in GaugeController

There is no logic checking for RAACNFT price staleness before minting it

Workingsupply would always be overwritten in boostcontroller.sol impacting reward calculations

Emergency revoke in RAACReleaseOrchestrator will freeze revoked RAAC tokens in orchestrator

`GaugeController::distributeRewards` can be called multiple times by anyone, leading to excessive reward distribution

hardcoded baseamount in Updateuserboost fucntion causes users with small token holdings to receive higher boosts relative to their holdings t

Token Accounting Mismatch Between tick() and mintRewards() in RAACMinter

Emergency Withdrawal Remains Active After Cancellation

`RAACReleaseOrchestrator::emergencyRevoke()` fails to update `categoryUsed`, leading to token lockup and incorrect accounting

Incorrect Initialization of minBoost in BaseGauge Constructor Breaks Core Contract Functionality

Incorrect Timestamp Tracking in RAACHousePrice contract

`emergencyUnlockEnabled` Is Never Used, Rendering “Emergency Unlock” Ineffective

Cross-Chain Signature Replay Attack Due to User-Supplied `domainSeparator` and Missing Deadline Check

Lack of deadline check in forwarded request

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

Ineffective proposal threshold validation allows setting arbitrary high values

Incorrect referral fee calculations