MergeTgt has no handling if TGT_TO_EXCHANGE is exceeded during the exchange period

Incorrect `if` check condition in the `updateParticipation` function for verifying `theminTokenAmountPerUser` for a user

Incorrect decimal handling in `Auction::buy()` leads to massive overpayment for ZENO tokens

Users can borrow more assets than they have deposited as collateral

NFTs Get Permanently Locked in Stability Pool After Liquidation

Boost Miscalculation Leads to Excess Distribution

Incorrect utilization rate forces protocol to issue maximum rewards indefinitely

Incorrect DebtToken totalSupply Scaling Breaks Interest Rate Calculations

Failure to update `lastClaimTime` mapping when users claim rewards in FeeCollector Causes Time-Based Reward Calculation Issues

`mint` function in RToken contract doesn't return the correct expected values, leading to emission of ReserveLibrary `Deposit` event and LendingPool `Deposit` event with incorrect values.

Canceled vote still get voted on and accumulate voting power in Goverance.sol

Incorrect Initialization of minBoost in BaseGauge Constructor Breaks Core Contract Functionality

The fee calculations in the `pool` contract are incorrect, with different total fee amounts calculated during user creation/redeem and when the `feeBeneficiary` claims.

An attacker can intentionally prevent the auction from succeeding by placing a bid that makes the `totalSellReserveAmount` exceed the sale limit just before bidding ends.

Fee Evasion via LP Token Transfer Resets Deposit Value

quantAMMSwapFeeTake used for both getQuantAMMSwapFeeTake and getQuantAMMUpliftFeeTake.

Users can claim more that their actual allotment

maxSellPercent can be buypassed by selling previously bought vestings at a later time

Subtraction in `variance()` will revert due to underflow

Potential underflow vulnerability in score range calculation of `LLMOracleCoordinator::finalizeValidation`, leading to DoS.

Request responses and validations can be mocked leading to extraction of fees and/or forcing other generators to lose their fees by making them outliers

Unrestricted validation score range for validators in `LLMOracleCoordinator::validate`.

`LLMOracleCoordinator::request` lacks a check for non-empty `task.input`, making `assertValidNonce` easier to pass due to reduced uniqueness

[MEDIUM]- User role can't be removed .The `_setRole` function cannot remove a role for a user due to incorrect implementation; it fails to remove the user's role.