Staker at the boundary rank will receive fewer rewards in edge case

Early 72-digit adjustment in sqrt will lead to incorrect result exponent calculation

The rewards distribution system in SymmStaking could be disturbed due to missing precision factor.

The rewards distribution system in SymmStaking can be diluted by extending the state.periodFinish

Improper Transfer Restrictions on Non-Bridged Tokens Due to Boolean Bridged Token Tracking, Allowing a DoS Attack Vector

Incorrect decimal handling in `Auction::buy()` leads to massive overpayment for ZENO tokens

Multiple issues from unnecessary balance increase calculation in DebtToken.mint

Reward manipulation vulnerability in StabilityPool

RToken's transfer function lead to loss of funds due to incorrect math

Users can borrow more assets than they have deposited as collateral

Attackers can get most of RAACToken rewards by withdrawing dust amount from StabilityPool multiple times

Double Usage Index Scaling in StabilityPool Liquidation Inflates Required CRVUSD Balance

Attackers can double voting power and veToken amount by locking and increasing

Critical Economic Design Flaw in ZENO Zero-Coupon Bond Implementation Leads to Guaranteed User Losses

Stability pool does not consider RToken balance increase when DEToken is withdrawn

`MAX_TOTAL_SUPPLY` Bypass in `veRAACToken` via `increase()` Function

Incorrect utilization rate forces protocol to issue maximum rewards indefinitely

Incorrect Return Values and Double Scaling in `RToken.burn` Function Leads to Denial of Service

LendingPool deposits do not work with CurveVault due to lack of funds

There is no logic checking for RAACNFT price staleness before minting it

LendingPool.getUserDebt returns outdated value and can lead to liquidation failure

RAACToken burns less tokens than expected when feeCollector is unset

Incorrect Utilization Rate Calculation in `updateInterestRatesAndLiquidity`

`ReserveLibrary.getNormalizedDebt` doesn't return normalized debt

Inconsistent Fee Collector Address Validation in RAACMinter: Denial of Service for Disabling Fee Collection

`mint` function in RToken contract doesn't return the correct expected values, leading to emission of ReserveLibrary `Deposit` event and LendingPool `Deposit` event with incorrect values.

Limited veRaac Token Supply Triggers DoS, Hampering Proper Governance Participation.

The calculation of `totalAssets()` could be wrong if `operatorFeeAmount` > 0, this can cause potential loss for the new depositors

User can claim coupon without participating for protocol activity, due to missing minimum duration between `create()` and `redeem()`

`Pool.transferReserveToAuction()` uses incorrect index for current auction

The proctol claims incorrect amount of fees in pool and this is unfair to users

The funds of the user can be lost while accessing with `joinBalancerAndPredeposit()`

`Pool.startAuction()` updates state variable `BondToken.globalPool` incorrectly

The mixing of updating `globalPool.previousPoolAmounts` and `globalPool.sharesPerToken` could increase the coupon tokens that bond holders can claim.

The funds of the protocol can be drained due to incorrect handling of cancel order.

The user overpays the USDA amount for downside protection while withdrawing

The user can withdraw more collateral due to uncheck for `strikePrice`

Incorrect calculation for borrowing fees

The invariants of protocol could be broken due to not updating `lastEthprice` while depositing

The `CDS.withdraw` will be DOS when current `exchangeRate` is fewer than liquidation exchangeRate

The funds of the ReputationMarket contract can be drained due to incorrect accounting of fees.

User can seize most incentives without participating in activity for protocol.