Poor state synchronization across chains will allow users to borrow past the allowed amount for their supplied collateral

Use of wrong exchange rate will cause loss of value for users of the protocol

Any rando can steal all supplied funds due to faulty conditional in `CoreRouter::borrow` function

Incorrect borrow amount calculation will prevent users from borrowing the max borrowable amount

Not adding liquidated tokens to liquidator `userSuppliedAssets` will cause unfair liquidations for users

Unwrapping while equating inside the `eq` function fails to account for the set `L_MATISSA_FLAG`

Unauthorized Reallocation in `NudgeCampaign::handleReallocation` and Reward Disruption Vulnerability in `NudgeCampaign::invalidateParticipations`

Wrong initialization pattern will stop the `SymmVesting.sol` contract from working correctly

Bad check in `Vesting.sol::_resetVestingPlans` will prevent users from adding additional liquidity in `SymmVesting.sol`

Code implementation error will DOS users who try to open leverage position with multiswap params

Wrong code implementation will DOS users when they try to withdraw from the leverager

`BaseGauge` users can claim rewards without staking

Wrong use of the `GaugeController::typeWeights` multiplier in `GaugeController::_calculateReward` causes a reduction in gauge rewards instead

`GaugeController::_calculateReward` implementation will cause smaller shares to be allocated to every gauge

Incorrect Reward Claim Logic in FeeCollector::claimRewards Causes Denial of Service

Treasury Balance Tracking Bypass in FeeCollector

Attackers can double voting power and veToken amount by locking and increasing

Gauge rewards are not transferred to gauge when distributeRewards() is called

Untracked Direct Fee Transfers from RAACToken to FeeCollector Break Fee Distribution System

Ineffective Time-Weighted Average Implementation in Fee Distribution

Gauge stakers won't get any reward due to round-down in user weight calculation

Missing Vote Frequency Control in GaugeController

There is no logic checking for RAACNFT price staleness before minting it

Treasury Contract Deposit Function Can Be Frontrun To Deny Protocol Operations

Emergency revoke in RAACReleaseOrchestrator will freeze revoked RAAC tokens in orchestrator

Incorrect Period Transition Logic in Reward Distribution

Incorrect Initialization of minBoost in BaseGauge Constructor Breaks Core Contract Functionality

Missing Pause Functionality in veRAACToken Contract Can Be Abused When Emergency Withdrawal Mechanism Is Activated

`FeeCollector::updateFeeType` wrong fee share validation leads to impossible update for some fee types

Incorrect Timestamp Tracking in RAACHousePrice contract

Auctions will never end, causing users' tokens to remain stuck

Malicious user will drastically increase coupon amount to distribute

Users can claim more that their actual allotment

Incorrect referral fee calculations

Any random bad actor will drain user tokens from `Bracket` contract

Random bad actor will steal user funds from `OracleLess` contract

"Fresh price" returned by `PythOracle` will cause a significant denial of service in the Oku automation system