Cross-Chain Refund Claim Vulnerability in GatewayCrossChain Contract

Token Mismatch Vulnerability in Cross-Chain DEX Swap Function

Faulty Gauge Weight Update Formula: Voting Power Delta Not Considered Leading to Arithmetic Underflow and Vote Weight Inconsistency

Delegation Boost Not Usable by Delegatees

`BaseGauge` users can claim rewards without staking

Users Can Overwrite Existing Locks in veRAACToken Resulting in Permanent Loss of Funds

`GaugeController` does not send funds to FeeCollector disrupting fees distribution and causing loss of funds

Incorrect Reward Claim Logic in FeeCollector::claimRewards Causes Denial of Service

RToken's transfer function lead to loss of funds due to incorrect math

Untracked Direct Fee Transfers from RAACToken to FeeCollector Break Fee Distribution System

Gauge reward system can be gamed with repeatedly stake/withdraw

Liquidation Cannot Be Closed Even With Healthy Position Due To Strict Debt Check

There is no logic checking for RAACNFT price staleness before minting it

Treasury Contract Deposit Function Can Be Frontrun To Deny Protocol Operations

Workingsupply would always be overwritten in boostcontroller.sol impacting reward calculations

`GaugeController::distributeRewards` can be called multiple times by anyone, leading to excessive reward distribution

Permanent boost inflation through delegation removal in Boostcontroller.sol

Average weight will always be 0, whenever period update occurs via `BaseGuage::updatePeriod()` function.

Unbounded Reward Accrual After Period End Enables Reward Manipulation Attacks

Missing Controller Functions in GaugeController

Unauthorized Vote Casting Vulnerability

Incorrect Initialization of minBoost in BaseGauge Constructor Breaks Core Contract Functionality

`FeeCollector::updateFeeType` wrong fee share validation leads to impossible update for some fee types

Deposits/Withdrawals can be DOS'ed if crvVault::withdraw produces any losses

`LendingPool` yield generated in curve vault is lost and cannot be withdrawn by users

Users will not be able to delegate their boost to more than one address as a result of an invalid check

Extra minting of raacTokens to stability pool; if `lastUpdateBlock` is reset to less value than earlier, by calling setLastUpdateBlock, in `RAACMinter.sol`.

Griefing attack via `LendingPool::updateState()` function.

In `Pool.sol::getRedeemAmount()` there is nothing for `marketRate` of levETH.

Incorrect logic for calculation of shares in `BondToken::getIndexedUserAmount`.

Precision loss in calculation of `redeemRate` in `Pool.sol::getRedeemAmount` function.

User can put any arbitrary `usdaPrice` and `usdtPrice` while calling `CDS.sol::redeemUSDT` function.

`CDS.sol::updateDownsideProtected()` can be called by anyone, with anyvalue changeing the state variable `downsideProtected`.

A user won't be able to get his redeemed amount by calling `borrowing.sol::redeemYields()`.

when `borrowing.sol::depositTokens` is called, stale `lastCumulativeRate` is being passed to `BorrowLib.deposit()` function.

Anyone can call `LamboRebalanceOnUniwap.sol::rebalance()` function with any arbitrary value, leading to rebalancing goal i.e. (1:1 peg) unsuccessful.