ZENO Token Redemption Returns Negligible USDC Amount Compared to Purchase Price

Incorrect decimal handling in `Auction::buy()` leads to massive overpayment for ZENO tokens

Reward manipulation vulnerability in StabilityPool

RToken's transfer function lead to loss of funds due to incorrect math

Double Usage Index Scaling in StabilityPool Liquidation Inflates Required CRVUSD Balance

Boost Miscalculation Leads to Excess Distribution

Ownership Parameter Mismatch in LendingPool’s Vault Withdrawal Logic

Treasury Balance Tracking Bypass in FeeCollector

Borrowers can retain debt even after being liquidated.

Missing StabilityPool Integration in `mintRewards` Function

Incorrect DebtToken totalSupply Scaling Breaks Interest Rate Calculations

LendingPool deposits do not work with CurveVault due to lack of funds

LendingPool::getNormalizedIncome() returns stale liquidity index

Users Can Lose Funds and Collateral by Repaying Loans After Liquidation Grace Period Expiry

Liquidation Cannot Be Closed Even With Healthy Position Due To Strict Debt Check

There is no logic checking for RAACNFT price staleness before minting it

Treasury Contract Deposit Function Can Be Frontrun To Deny Protocol Operations

Liquidations are enabled when repayments are disabled, causing borrowers to lose funds without a chance to repay

Flawed Boost Multiplier Calculation Always Yields Maximum Boost

Users Cannot Remove Their Own Boost Delegation, Causing Potential Lock-In

`ReserveLibrary.getNormalizedDebt` doesn't return normalized debt

Canceled vote still get voted on and accumulate voting power in Goverance.sol

Borrow, withdraw, deposit revert due to curve vault not having available liquidity or being paused.

`FeeCollector::updateFeeType` wrong fee share validation leads to impossible update for some fee types

Overwriting Previous Allocations in allocateFunds May Lead to Loss of Cumulative Allocation Data

Incorrect Timestamp Tracking in RAACHousePrice contract

Missing Validation for Minimum Vote Weight in `vote` Function

Deposits/Withdrawals can be DOS'ed if crvVault::withdraw produces any losses

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

Adversary can win proposals with voting power as low as 4%

Token Loss During `BalancerRouter` Deposit to `PreDeposit` Contract

Reentrency Vulnerability in `OracleLess` Contract Enables Complete Pool Drain in a Single Attack

Order ID Collision Leading to Overriding of Bracket Orders

Missing Validation for Recipient Parameter in `createOrder` Function in `OracleLess` contract

Incorrect Stale Price Check in `PythOracle` Contract Leads to Rejection of Fresh Prices

Lack of `Compromised Address` Check Allows Unauthorized Replies in `EthosDiscussion` contract

Wrong minting logic based on total token count across generations

Forger Entities can forge more times than intended

Pause and unpause functions are inaccessible

`Golden God` Tokens can be minted twice per generation

Improper Allowance Management in OCY_`Convex_A.sol` & `OCY_Convex_C.sol'`s `pushToLocker` Function