Anyone can add fraction rewards and slow down the reward per token

RAACNFT mint function receives funds to address(this) but has no way of withdrawing them

Users can borrow more assets than they have deposited as collateral

Any attempt to liquidate a user will fail, because StabilityPool does not hold crvUSD during operational lifecycle

Ownership Parameter Mismatch in LendingPool’s Vault Withdrawal Logic

Incorrect Debt Token Accounting Due to Multiple Scaling Issues

Incorrect utilization rate forces protocol to issue maximum rewards indefinitely

LendingPool deposits do not work with CurveVault due to lack of funds

`RToken::calculateDustAmount` are incorrectly calculated, leading to not be able to transfer the accrued dust amount

Emergency revoke in RAACReleaseOrchestrator will freeze revoked RAAC tokens in orchestrator

The earned yield from the Curve vault can never be utilized when withdrawing or borrowing

When the prime rate is updated by the oracle, the values of the sub-rates are not ajdusted accordingly, which can cause loss of assets for borrowers

reserve.totalUsage variable is not properly updated

Unnecessary Vault Withdrawals Due to Unchecked User Withdrawal Amounts

Interest rates will be incorrectly updated, which will result in higher borrowing costs for borrowers

`FeeCollector::updateFeeType` wrong fee share validation leads to impossible update for some fee types

Wrong event emitted in `LendingPool::_repay`

`collateralLiquidated` value is always 0 when emitted in the `LiquidationFinalized` event

Core functions can be DoS-ed, which will lead to loss of funds for CDS owners

Treasury reserves can be drained

A malicious user can DoS the matching of offers

Leftover amounts from rounding in reward distribution will be stuck forever in the `GammaRewarder`

Vault fee receivers can conditionally block rewards distribution flow

Attacker can DOS user from selling shares of a credId

Admin can steal funds from ticket sales, and rug raffle participants

Missing circuit breaker checks for Chainlink price feeds

Super pools can't be paused, in case of an emergency

TokenManager - Unlimited withdraw

Native token withdrawal fails until manually approved

Malicious user can drain protocol by bypassing `ASK` offer abortion validation in `Turbo` mode

Pause and unpause functions are inaccessible

Discrepancy between nfts minted, price of nft when a generation changes & position of `_incrementGeneration()` inside `_mintInternal()` & `_mintNewEntity()`

Permit functions will not work with certain tokens

Use of CREATE method is suspicious of reorg attack

`executeWithdraw` may be blocked if any of the users are blacklisted from the `baseToken`