No existance check of `trancheId` in the `_stakeNxm` function

The `stake()` and `unstake()` erases the accrued rewards

The reward will be distributed when `totalStakedAmount = 0`

Splitting swap in multiple small amounts will produce more output

deposit() doesn't have slippage check

The staker at the boundary remains in tier2 in certain case

Early 72-digit adjustment in sqrt will lead to incorrect result exponent calculation

Precision loss in `toPackedFloat` function when mantissa is in range - (`MAX_M_DIGIT_NUMBER`, `MIN_L_DIGIT_NUMBER`)

Attacker can dilute reward mechanism by invoking `notifyRewardAmount()`

Improper Transfer Restrictions on Non-Bridged Tokens Due to Boolean Bridged Token Tracking, Allowing a DoS Attack Vector

Reward manipulation vulnerability in StabilityPool

Attackers can get most of RAACToken rewards by withdrawing dust amount from StabilityPool multiple times

Stability pool does not consider RToken balance increase when DEToken is withdrawn

Incorrect utilization rate forces protocol to issue maximum rewards indefinitely

`ReserveLibrary.getNormalizedDebt` doesn't return normalized debt

Users can claim coupons without engaging in protocol activities due to the absence of a minimum duration between `create()` and `redeem()`

`Pool.transferReserveToAuction()` reverts due to incorrect usage of index for current auction

The fee calculation which the protocol claims is incorrect and this could unfair to users

User funds can be lost during `joinBalancerAndPredeposit()` access

The state variable `BondToken.globalPool` is updated incorrectly via `Pool.startAuction()`

The `BondToken.increaseIndexedAssetPeriod()` involves incorrect logic for updating state variable `globalPool`