RAACNFT mint function receives funds to address(this) but has no way of withdrawing them

Reward manipulation vulnerability in StabilityPool

RToken's transfer function lead to loss of funds due to incorrect math

NFTs Get Permanently Locked in Stability Pool After Liquidation

Any attempt to liquidate a user will fail, because StabilityPool does not hold crvUSD during operational lifecycle

Ownership Parameter Mismatch in LendingPool’s Vault Withdrawal Logic

Ineffective Time-Weighted Average Implementation in Fee Distribution

Voting Power Snapshot Missing

Hardcoded Exchange Rate Leading to Incorrect Deposits and Redemptions

RToken.transferFrom() Does Not Scale User Balances Due to Stale Liquidity Index

LendingPool deposits do not work with CurveVault due to lack of funds

Liquidation Cannot Be Closed Even With Healthy Position Due To Strict Debt Check

Treasury Contract Deposit Function Can Be Frontrun To Deny Protocol Operations

Liquidations are enabled when repayments are disabled, causing borrowers to lose funds without a chance to repay

Emergency revoke in RAACReleaseOrchestrator will freeze revoked RAAC tokens in orchestrator

Inconsistent Scaling in RToken Transfer Functions

Failure to Withdraw Liquidity to RToken.sol Before Changing Curve Vault Address

Fee-on-transfer token handling issue in `Treasury::deposit` leads to permanent fund loss

`RAACReleaseOrchestrator::emergencyRevoke()` fails to update `categoryUsed`, leading to token lockup and incorrect accounting

The `TimelockController::executeEmergencyAction()` function does not update the `_operations` mapping, which can lead to an operation being executed twice.

Emergency Withdraw in veRAACToken Breaks Governance Security

Impossible to rescue funds from `RToken` contract

`FeeCollector::updateFeeType` wrong fee share validation leads to impossible update for some fee types

Treasury's allocated funds not tracked during withdrawals leads to accounting issue where recepient can receive more than allocated funds.

Fee Evasion via LP Token Transfer Resets Deposit Value

quantAMMSwapFeeTake used for both getQuantAMMSwapFeeTake and getQuantAMMUpliftFeeTake.

“Uplift Fee” Incorrectly Falls Back to Minimum Fee Due to Integer Division

`SecondSwap_Marketplace` vesting listing order affects how much the vesting buyers can claim at a given step

Missing sellable check in completePurchase will cause a user to buy a token marked as unsellable by S2ADMIN if it was listed beforehand