Wrong computation of `rewardIndex` leads to extra DCA tokens minted in SuperDCAStaking contract.

Wrong amount is minted to user when they deposit into the lending pool

RAACNFT mint function receives funds to address(this) but has no way of withdrawing them

`BaseGauge` users can claim rewards without staking

Multiple issues from unnecessary balance increase calculation in DebtToken.mint

Incorrect Reward Claim Logic in FeeCollector::claimRewards Causes Denial of Service

RToken's transfer function lead to loss of funds due to incorrect math

NFTs Get Permanently Locked in Stability Pool After Liquidation

RToken is Not Interest Bearing Due to Broken Liquidity Index Calculation

Treasury Balance Tracking Bypass in FeeCollector

Gauge Voting Misallocation Vulnerability

Gauge rewards are not transferred to gauge when distributeRewards() is called

Untracked Direct Fee Transfers from RAACToken to FeeCollector Break Fee Distribution System

Ineffective Time-Weighted Average Implementation in Fee Distribution

Incorrect accounting in `veRAACToken::emergencyWithdraw` and `veRAACToken::withdraw` due to missing `totalLocked` update

Missing StabilityPool Integration in `mintRewards` Function

Missing Boost Balance and other parameters Update in veRAACToken Functions. Incomplete Boost State Updates Result in Inaccurate Voting Power and Reward Distribution

Incorrect utilization rate forces protocol to issue maximum rewards indefinitely

Incorrect DebtToken totalSupply Scaling Breaks Interest Rate Calculations

Incorrect Return Values and Double Scaling in `RToken.burn` Function Leads to Denial of Service

LendingPool::getNormalizedIncome() returns stale liquidity index

`RToken::calculateDustAmount` are incorrectly calculated, leading to not be able to transfer the accrued dust amount

LendingPool.getUserDebt returns outdated value and can lead to liquidation failure

Treasury Contract Deposit Function Can Be Frontrun To Deny Protocol Operations

Emergency revoke in RAACReleaseOrchestrator will freeze revoked RAAC tokens in orchestrator

Token Accounting Mismatch Between tick() and mintRewards() in RAACMinter

Permanent boost inflation through delegation removal in Boostcontroller.sol

Wrong access control in `RAACToken::setFeeCollector`, `RAACToken::setSwapTaxRate`, `RAACToken::setBurnTaxRate`

[L-1] Inaccurate boost calculations in `veRAACToken` due to wrong input parameter

Failure to update `lastClaimTime` mapping when users claim rewards in FeeCollector Causes Time-Based Reward Calculation Issues

Multiple Token Management Lets Withdraw a Token Different than Deposited Token

RAACToken burns less tokens than expected when feeCollector is unset

Flawed Boost Multiplier Calculation Always Yields Maximum Boost

getNormalizedDebt will return a wrong Amount when Timedelta is 0.

RAACNFT wrongly suppose crvUSD to be equal to 1 dollar

`mint` function in RToken contract doesn't return the correct expected values, leading to emission of ReserveLibrary `Deposit` event and LendingPool `Deposit` event with incorrect values.

Canceled vote still get voted on and accumulate voting power in Goverance.sol

Emergency Timelock Bypass: No Enforced 1-Day Delay for Emergency Actions

Impossible to rescue funds from `RToken` contract

Emergency withdraw functionality in veRAACToken takes longer than expected

Incorrect Initialization of minBoost in BaseGauge Constructor Breaks Core Contract Functionality

`FeeCollector::updateFeeType` wrong fee share validation leads to impossible update for some fee types

Incorrect Timestamp Tracking in RAACHousePrice contract

Misleading NatSpec and Ambiguous Access Control in `setHousePrice` Function

Incorrect Voting Power Reporting in `veRAACToken.sol::getLockPosition` Function

Incorrect Mint() Event Emission in RToken#mint()

`DebtToken::burn()` event parameters and return values ​​are incorrect

BoostController Bypasses Boost State Tracking System

The calculation of `totalAssets()` could be wrong if `operatorFeeAmount` > 0, this can cause potential loss for the new depositors

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions