Signature Replay Vulnerability in Crestal Network Deployment System

`BaseGauge` users can claim rewards without staking

Multiple issues from unnecessary balance increase calculation in DebtToken.mint

RToken's transfer function lead to loss of funds due to incorrect math

RToken is Not Interest Bearing Due to Broken Liquidity Index Calculation

Incorrect Debt Scaling Leading to Protocol Solvency Risk

Attackers can double voting power and veToken amount by locking and increasing

Incorrect DebtToken totalSupply Scaling Breaks Interest Rate Calculations

Multiple Critical Calculation And Logic Errors in `RToken::mint/burn` Function

Workingsupply would always be overwritten in boostcontroller.sol impacting reward calculations

Emergency revoke in RAACReleaseOrchestrator will freeze revoked RAAC tokens in orchestrator

Missing Boost State Update in extend() and withdraw()

Permanent boost inflation through delegation removal in Boostcontroller.sol

[L-1] Inaccurate boost calculations in `veRAACToken` due to wrong input parameter

RAACToken burns less tokens than expected when feeCollector is unset

Flawed Boost Multiplier Calculation Always Yields Maximum Boost

Inconsistent Fee Collector Address Validation in RAACMinter: Denial of Service for Disabling Fee Collection

Missing Pause Functionality in veRAACToken Contract Can Be Abused When Emergency Withdrawal Mechanism Is Activated

`DebtToken::burn`'s Return Values are wrong

Wrong event emitted in `LendingPool::_repay`

`Auction::checkAuctionEnded()` function fails to handle early auction completion when all ZENO tokens are sold, potentially blocking critical post-auction processes

Role Revocation in initialize Function in `solidityAmo.sol`

Arbitrary permission initialization of wooracle contract

SettlementSignatureVerifier is missing check for duplicate validator signatures

Wrong usage of transaction originator address instead of caller address