Operation sequence in redemption process allows protocol undercollateralization

Unrestricted `notifyRewardAmount` function allows reward manipulation

MergeTgt has no handling if TGT_TO_EXCHANGE is exceeded during the exchange period

Improper Transfer Restrictions on Non-Bridged Tokens Due to Boolean Bridged Token Tracking, Allowing a DoS Attack Vector

Incorrectly using delta currency amount instead of delta token amounts in `updateParticipaion()`

RAACNFT mint function receives funds to address(this) but has no way of withdrawing them

Reward manipulation vulnerability in StabilityPool

Incorrect Reward Claim Logic in FeeCollector::claimRewards Causes Denial of Service

RToken's transfer function lead to loss of funds due to incorrect math

Users can borrow more assets than they have deposited as collateral

NFTs Get Permanently Locked in Stability Pool After Liquidation

Double Usage Index Scaling in StabilityPool Liquidation Inflates Required CRVUSD Balance

Ownership Parameter Mismatch in LendingPool’s Vault Withdrawal Logic

Untracked Direct Fee Transfers from RAACToken to FeeCollector Break Fee Distribution System

Ineffective Time-Weighted Average Implementation in Fee Distribution

[H-2] Lack of Emergency Pause in `BaseGauge::stake` and `BaseGauge::withdraw

Incorrect utilization rate forces protocol to issue maximum rewards indefinitely

LendingPool deposits do not work with CurveVault due to lack of funds

LendingPool::getNormalizedIncome() returns stale liquidity index

There is no logic checking for RAACNFT price staleness before minting it

`RToken::calculateDustAmount` are incorrectly calculated, leading to not be able to transfer the accrued dust amount

LendingPool.getUserDebt returns outdated value and can lead to liquidation failure

Emergency revoke in RAACReleaseOrchestrator will freeze revoked RAAC tokens in orchestrator

User may not be able to increase the amount of locked RAAC tokens

Due to not counting the assets stake on crvVault the reported amount of dust will not be correct

Unrestricted proposal cancellation allows governance process manipulation

Failure to Withdraw Liquidity to RToken.sol Before Changing Curve Vault Address

Cordinated group of attacker can artificially lower quorum threshold during active proposals forcing malicious proposals to pass without true majority support.

RAACToken burns less tokens than expected when feeCollector is unset

RAACNFT wrongly suppose crvUSD to be equal to 1 dollar

Inaccurate interest-rate and liquidity calculations due to omitted `updateInterestRatesAndLiquidity()` call in `setProtocolFeeRate()`

Canceled vote still get voted on and accumulate voting power in Goverance.sol

Deposits/Withdrawals can be DOS'ed if crvVault::withdraw produces any losses

`LendingPool` yield generated in curve vault is lost and cannot be withdrawn by users

Wrong event emitted in `LendingPool::_repay`

Inconsistent time boundary check in `Governance::state` and `Governanane::castVote`

Missing whenNotPaused modifier on withdraw function allows token withdrawals during emergency

Outdated usage index in view functions leads to incorrect debt calculations

Adversary can win proposals with voting power as low as 4%

Auction will never succeed due to wrong check

Funds might remain locked in `BalancerRouter` when depositing in Balancer pool

The fee is double charged on every `create` or `redeem`

Low TVL and high Leverage Supply will DoS the redeem of Leverage tokens

Balancer LP tokens might be locked inside `BalancerRouter`

Incomplete handling of failed auctions

Redeeming all leverage tokens, will DoS their creation

Rounding will lead to broken invariant.

Incorrect Total Assets Calculation in _harvestAndReport Leading to Share Value Manipulation and Irredeemable Assets

not adding `claimable` balance to the total assets in `_harvestAndReport` can cause losses.

Old router retains token allowance after update

Reputation market will be insolvent, due to incorrect increase of market funds when buying.

Incorrect fee calculation will overcharge users buying votes.

Incorrect calculation of fees in `EthosVouch` will cause partial loss of user's principle

Missing slippage protection on `sellVotes()`

Attacker can steal tokens intended for KYC-verified address

Users using `withdraw,` will receive more funds than the ones using `redeem`

Deleted address will still have full control over the profile.

Upgrades might cause storage collision

Users are unable to claim in more than 1 epoch.

Unaccounted protocol fee will lead to funds getting locked

`FjordAuction` incorrect `block.timestamp` check allows users to bid after calling `auctionEnd` to claim more tokens than they should

Attacker can abuse `cancelRaffle` to DoS the protocol

`refundPlayers()` will prevent Admin from withdrawing assets

TokenManager - Unlimited withdraw

`mintToken()`, `mintWithBudget()`, and `forge()` in the `TraitForgeNft` Contract Will Fail Due to a Wrong Modifier Used in `EntropyGenerator.initializeAlphaIndices()`

The maximum number of generations is infinite

Pause and unpause functions are inaccessible

Discrepancy between nfts minted, price of nft when a generation changes & position of `_incrementGeneration()` inside `_mintInternal()` & `_mintNewEntity()`