Use of Manipulatable Spot Price Oracle for Value Calculation Leads to Direct Theft of User Funds

Copy-Paste Error in `ViewWalker` Breaks Fee Calculation for Half the Protocol's Positions

`calculateLiquidityOffset` Logic Causes Denial of Service and Poor User Experience for Concentrated Liquidity Positions

JIT Liquidity Penalty is Bypassed via `collectFees` Function, Nullifying Protection Mechanism

Asset/Share Confusion in `burn` Function Allows Theft of All Underlying Capital

Precision Loss in Interest Rate Formula Leads to Incorrect Rates and Denial of Service

Flawed Logic in Transfer Rate-Limiting Mechanism Leads to Denial of Service

Duplicate Signatures Bypass Consensus Threshold

Inverted Transfer Whitelist Logic Allows Unauthorized Transfers and Blocks Authorized Ones

Division by Zero in `finalizeAndRedeemWithdrawRequest` Permanently Locks Funds for Partial LP Withdrawals

Gas Denial of Service (DoS) in `PersistentSet.values()` and `valuesAt()` Due to Unbounded Iteration Over Historical Elements

Authorization Bypass in claimRefund Allows Theft of All Pending Refunds for Non-EVM Addresses

Incompatible Encoding and Decoding Functions in AccountEncoder Library Lead to Malformed Cross-Chain Messages for Solana

Incorrect maxLiquidationAmount Calculation in Cross-Chain Liquidation Validation Prevents Legitimate Liquidations

Incorrect Principal Update in _handleValidBorrowRequest Understates Cross-Chain Debt Obligation on Collateral Chain

Stale Collateral Data in Cross-Chain Borrow Validation (_handleBorrowCrossChainRequest) Leads to Risk of Undercollateralized Loans

maxClose Calculation in liquidateBorrowAllowedInternal Uses Stale Principal, Unduly Restricting Liquidation Repayment Amount

Flawed and Redundant Secondary Liquidity Check in borrow Function May Incorrectly Deny Valid Borrows