stake / unstake reset token bucket lastRewardIndex, causing bucket rewards to be lost or nulled

setMintRate does not update reward index before applying new rate, leading to miscalculated rewards

improper Use of `initializer` Modifier in Symmetric Vesting Contract.

Reward Dilution Exploit Due to Continuous Incentive Addition in Staking Contract

An attacker could potentially drain the entire pool balance, including all user funds, from the `OracleLess` contract.

Missing Validation of recipient in `createOrder` Allows Attacker to back-Run Approvals, Resulting in Slippage Manipulation and Complete Fund Loss

Order ID Collision in `Bracket.sol` Contract Leads to Overwriting of Bracket Orders

Improper Stale Price Validation in `PythOracle` Contract Valid Data

Incorrect Take-Profit Logic in `checkInRange` for direction = true

Incorrect Fee Calculation in withdraw Leads to Undercharging and Mismanagement of $.totalDeposits