SubTreeBorrowedX/Y is not propogated upward in Liq.sol causing loss of funds for all users

Incorrect High tick in poolWalker causes dirty nodes to be present after traversal leading to loss of funds and DOS of protocol

Inconsistent calculation of node.fees.makerXFeesPerLiqX128 in splitMakerFees

Attackers can drain the protocol tokens

Liquidity not instantly minted of siblings of Borrow nodes at the edge(low tick) causes DOS of node.

CollectFees doesnt work for positions that have adjusted to reduce their liquidity and EOA's will get their funds stolen

Incorrect calculation of the rootWidth of the segment tree causes many ticks to not be accomodated in the tree

collectFees function changes the asset.timestamp even for non-compounding makers

adjustMaker doesnt allow certain valid adjustments

The NFTManager can be DOS'ed

There is no way for the admin/anyone to claim the JIT Penalty tokens

The protocol doesnt support weird tokens like Tether Gold (that return false on every operation)

Anybody can steal other user's funds

Faulty Gauge Weight Update Formula: Voting Power Delta Not Considered Leading to Arithmetic Underflow and Vote Weight Inconsistency

`BaseGauge` users can claim rewards without staking

Users Can Overwrite Existing Locks in veRAACToken Resulting in Permanent Loss of Funds

Gauge period cannot be updated

`GaugeController::_calculateReward` implementation will cause smaller shares to be allocated to every gauge

Reward manipulation vulnerability in StabilityPool

Incorrect Reward Claim Logic in FeeCollector::claimRewards Causes Denial of Service

RToken's transfer function lead to loss of funds due to incorrect math

Users can borrow more assets than they have deposited as collateral

NFTs Get Permanently Locked in Stability Pool After Liquidation

Double Usage Index Scaling in StabilityPool Liquidation Inflates Required CRVUSD Balance

Ownership Parameter Mismatch in LendingPool’s Vault Withdrawal Logic

Lack of Access Control in BoostController::updateUserBoost Leading to Unauthorized Delegation Overwrite.

Attackers can double voting power and veToken amount by locking and increasing

Incorrect Debt Token Accounting Due to Multiple Scaling Issues

Gauge rewards are not transferred to gauge when distributeRewards() is called

Gauge reward period can be extended indefinitely

Incorrect utilization rate forces protocol to issue maximum rewards indefinitely

LendingPool deposits do not work with CurveVault due to lack of funds

LendingPool::getNormalizedIncome() returns stale liquidity index

`RToken::calculateDustAmount` are incorrectly calculated, leading to not be able to transfer the accrued dust amount

Missing Liquidity Rebalancing in Repayments and Liquidations Leading to Inefficient Liquidity Management

Permanent boost inflation through delegation removal in Boostcontroller.sol

Inconsistent Scaling in RToken Transfer Functions

User's voting power never decays over time.

When bad debt is accumulated the loss is not distributed amongst all suppliers leading to a huge loss for the last supplier to withdraw

Inaccurate interest-rate and liquidity calculations due to omitted `updateInterestRatesAndLiquidity()` call in `setProtocolFeeRate()`

Liquidity rate calculation applies protocol fee as a discount instead of charging it in ReserveLibrary

StabilityVault can be drained of RTokens when LendingPool reserve.liquidityIndex >= 2 RAY

Updating the prime rate will change the interest for a time that was already passed

userBoosts.amount in BoostController will have different scales when using different functions to update it

notifyRewardAmount may always revert if the rewardAmount is greater than periodState.emission

reserve.totalUsage not updated correctly causes incorrect Rtoken minting/burning

Limited veRaac Token Supply Triggers DoS, Hampering Proper Governance Participation.

Lack of enforcement of the `MAX_TOTAL_LOCKED_AMOUNT`

Incorrect Initialization of minBoost in BaseGauge Constructor Breaks Core Contract Functionality

Borrow, withdraw, deposit revert due to curve vault not having available liquidity or being paused.

Deposits/Withdrawals can be DOS'ed if crvVault::withdraw produces any losses

`LendingPool` yield generated in curve vault is lost and cannot be withdrawn by users

Inconsistent time boundary check in `Governance::state` and `Governanane::castVote`

Multiple Vesting Schedules Can’t Be Created for Beneficiaries in Different Categories

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

Old router retains token allowance after update

Users can claim more that their actual allotment

Minting zero tokens when underlyingToken is not Ether in cashIn()

Subtraction in `variance()` will revert due to underflow

Potential underflow vulnerability in score range calculation of `LLMOracleCoordinator::finalizeValidation`, leading to DoS.

Unrestricted validation score range for validators in `LLMOracleCoordinator::validate`.

Users can list assets with price < 1 ERC20 (ETH, WETH), leading to potential DoS vulnerability.

`FjordAuction` incorrect `block.timestamp` check allows users to bid after calling `auctionEnd` to claim more tokens than they should

Epoch mismatch in FjordPoints and FjordStaking leads to user being able to stake and unstake instantly for rewards

Admin won't be able to withdraw ETH after a raffle cancellation

Raffle can be cancelled even if minTicketsThreshold is reached

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

TokenManager - Unlimited withdraw

Taker of bid offer will loss assets without any benefit if he calls the DeliveryPlace::settleAskMaker() for partial settlement.

`DeliveryPlace::settleAskTaker` Has Incorrect Access Control

Formulaic Error Rounds Down Causing Total Loss Of Funds For Bid Takers During Abort

Malicious user can drain protocol by bypassing `ASK` offer abortion validation in `Turbo` mode

The `DeliveryPlace::settleAskTaker()` function mistakenly uses `makerInfo.tokenAddress` to update the `TokenBalanceType.PointToken` in the `userTokenBalanceMap` mapping, leading to a critical error.

[H-4] The function `PreMarkets::listOffer` charges an incorrect collateral amount, allowing users to manipulating collateral rates and drain the protocol's funds

listOffer maker can settle offer via settleAskMaker() in Turbo settle type.

Fund Withdrawal Flaw in preMarket Allows Users to Avoid Settlement Obligations

Unnecessary balance checks and precision issues in TokenManager::_transfer

[Low-01] Missing Access Control in `CapitalPool::approve()` Function Allows any User to call it to set Allowance Amount `TokenContract` to `type(uint256).max`.

`listOffer` Unsafely References Fungible Identifiers

Validation of `collateralRate` in `PerMarkets::createOffer` function

CreateOffer allows eachTradeTax to be 100% ( 10000 bp ) violating code assumptions

`mintToken()`, `mintWithBudget()`, and `forge()` in the `TraitForgeNft` Contract Will Fail Due to a Wrong Modifier Used in `EntropyGenerator.initializeAlphaIndices()`

The maximum number of generations is infinite

Wrong minting logic based on total token count across generations

Potential Uninitialized `entropySlots` Reading in `getNextEntropy`, Causing 0 Entropy Mint

Users' ability to nuke will be DoSed for three days after putting NFTs up for sale and cancelling the sale

Forger Entities can forge more times than intended

Pause and unpause functions are inaccessible

NFTs mature too slowly under default settings.

`Golden God` Tokens can be minted twice per generation

Each generation should have 1 "Golden God" NFT, but there could be 0

Discrepancy between nfts minted, price of nft when a generation changes & position of `_incrementGeneration()` inside `_mintInternal()` & `_mintNewEntity()`

TraitForgeNft: Generations without a golden god are possible

Incorrect check against golden entropy value in the first two batches

Slashing NativeVault will lead to locked ETH for the users

User can vote even with remaining mlum staked time 0

No restriction in number of BribeRewarders created by user