User cannot remove value if the underlying value charges a fee

Wrong token is transferred when integrates with E4626ViewAdjustor

Simplex ownership cannot be transferred

User loses earnings from underlying vaults when they remove values

Protocol fee resides in the diamond contract can be wrongly sent to users if the underlying vault temporarily disables withdrawal

Faulty Gauge Weight Update Formula: Voting Power Delta Not Considered Leading to Arithmetic Underflow and Vote Weight Inconsistency

RAACNFT mint function receives funds to address(this) but has no way of withdrawing them

`BaseGauge` users can claim rewards without staking

Users Can Overwrite Existing Locks in veRAACToken Resulting in Permanent Loss of Funds

Gauge period cannot be updated

Multiple issues from unnecessary balance increase calculation in DebtToken.mint

Reward manipulation vulnerability in StabilityPool

Incorrect Reward Claim Logic in FeeCollector::claimRewards Causes Denial of Service

Users can borrow more assets than they have deposited as collateral

NFTs Get Permanently Locked in Stability Pool After Liquidation

Double Usage Index Scaling in StabilityPool Liquidation Inflates Required CRVUSD Balance

Ownership Parameter Mismatch in LendingPool’s Vault Withdrawal Logic

Treasury Balance Tracking Bypass in FeeCollector

The total voting power of all veRAAC tokens is wrongly assigned

Gauge rewards are not transferred to gauge when distributeRewards() is called

Gauge stakers won't get any reward due to round-down in user weight calculation

Stability pool does not consider RToken balance increase when DEToken is withdrawn

Multiple calls to `BaseGauge::notifyRewardAmount()` override existing reward rate, causing loss of rewards for stakers

[H-2] Lack of Emergency Pause in `BaseGauge::stake` and `BaseGauge::withdraw

Incorrect accounting in `veRAACToken::emergencyWithdraw` and `veRAACToken::withdraw` due to missing `totalLocked` update

`MAX_TOTAL_SUPPLY` Bypass in `veRAACToken` via `increase()` Function

Missing Boost Balance and other parameters Update in veRAACToken Functions. Incomplete Boost State Updates Result in Inaccurate Voting Power and Reward Distribution

Incorrect utilization rate forces protocol to issue maximum rewards indefinitely

Incorrect DebtToken totalSupply Scaling Breaks Interest Rate Calculations

RToken.transferFrom() Does Not Scale User Balances Due to Stale Liquidity Index

LendingPool deposits do not work with CurveVault due to lack of funds

Liquidation Cannot Be Closed Even With Healthy Position Due To Strict Debt Check

There is no logic checking for RAACNFT price staleness before minting it

Treasury Contract Deposit Function Can Be Frontrun To Deny Protocol Operations

User may not be able to increase the amount of locked RAAC tokens

hardcoded baseamount in Updateuserboost fucntion causes users with small token holdings to receive higher boosts relative to their holdings t

Permanent boost inflation through delegation removal in Boostcontroller.sol

Due to not counting the assets stake on crvVault the reported amount of dust will not be correct

Inconsistent Scaling in RToken Transfer Functions

FeeCollector stakeholders may receive less fee distribution due to unnecessarily precision loss

Delegated Boost Persists Even If veRAAC Is Withdrawn/Reduced

`RAACReleaseOrchestrator::emergencyRevoke()` fails to update `categoryUsed`, leading to token lockup and incorrect accounting

RAACToken burns less tokens than expected when feeCollector is unset

Flawed Boost Multiplier Calculation Always Yields Maximum Boost

Unbounded Reward Accrual After Period End Enables Reward Manipulation Attacks

Lending pool reserve liquidity can be incorrectly accounted due to transferring accrued dust

Limited veRaac Token Supply Triggers DoS, Hampering Proper Governance Participation.

Emergency Timelock Bypass: No Enforced 1-Day Delay for Emergency Actions

Lack of enforcement of the `MAX_TOTAL_LOCKED_AMOUNT`

Incorrect Initialization of minBoost in BaseGauge Constructor Breaks Core Contract Functionality

Missing Checkpoint Reset in `veRAACToken::emergencyWithdraw` Function

Missing Pause Functionality in veRAACToken Contract Can Be Abused When Emergency Withdrawal Mechanism Is Activated

Insufficient ETH Forwarding in Governance Execution Mechanism Causes Proposal Failures

`LendingPool` yield generated in curve vault is lost and cannot be withdrawn by users

LendingPool protocol fee is not properly handled

Incorrect Credit Capacity Validation in `VaultRouterBranch.redeem` Enables Locked Collateral Drainage

Vaults weth reward is not distributed correctly

Unclaimed Rewards Loss Due to Missing Validation in `VaultRouterBranch.stake()`

Markets and vaults will not update their state until market fee is received, any deposits before market fee will not be reflected

Incorrect calculation in CreditDelegationBranch::withdrawUsdTokenFromMarket allows attacker mint any amount of usdz

Fee Recipient Shares Cannot Be Decreased When Total Fee recipients’s share is at Max Limit

Due to not updating the Debt , the protocol will apply untended premium or discount

Refund Underflow in Swap Refund Logic Leading to Locked Funds

Slippage Higher than Expected in `CurveAdapter.executeSwapExactInput()` and `FeeDistributionBranch._performMultiDexSwap()` Multi-Hop Swaps

Vault credit capacity may not be correctly calculated

Attacker can front-run to claim tokens

MembershipERC1155 proxy cannot be upgraded

Reorg Vulnerability in DAO Membership Creation Allows Users to Join Incorrect DAOs

Missing Signature Expiry Enables Perpetual Transaction Validity.

Protocol does not strictly comply with EIP-712

No check if a listing is a liquidation when process tax refund in relisting

_isLiquidation status is not reset when a liquidation listing is relisted/reserved

Listing created time is not updated when relisting

Listing info is not deleted when a listing is reserved

Incorrect checkpoint index might be returned when snapshots the current checkpoint

Unlocked protected listing asset can be redeemed by any other user

Type uint88 may not be suitable for storing quorum vote requirement

ERC1155 collection royalty fees cannot be claimed on L2

ERC721 Airdrop item can be redeemed/swapped out by user who is not an authorised claimant

User won't be refunded after initializing a collection

Old beneficiary / AMM beneficiary won't be able to claim fees if the current beneficiary is a pool

Fee Exemption cannot be applied or removed

ethIn and tokenOut is not correctly computed in beforeSwap() when the swap is an exactIn

Pool fee cannot be actually set

royaltyBps may not be properly retrieved for ERC1155 collections

SuperPool reallocation may fail due to non-zero approval

Super Pool shares can be inflated by bad debt leading to overflows

None of the functions in SuperPool checks pause state

SuperPool is NOT strictly ERC4626 compliant

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

TokenManager - Unlimited withdraw

Taker of bid offer will loss assets without any benefit if he calls the DeliveryPlace::settleAskMaker() for partial settlement.

Native token withdrawal fails until manually approved

`DeliveryPlace::settleAskTaker` Has Incorrect Access Control

Malicious user can drain protocol by bypassing `ASK` offer abortion validation in `Turbo` mode

The `DeliveryPlace::settleAskTaker()` function mistakenly uses `makerInfo.tokenAddress` to update the `TokenBalanceType.PointToken` in the `userTokenBalanceMap` mapping, leading to a critical error.

Fund Withdrawal Flaw in preMarket Allows Users to Avoid Settlement Obligations

`mulDiv()` can round down to 0 in realistic cases, allowing for tax avoidance

[Low-01] Missing Access Control in `CapitalPool::approve()` Function Allows any User to call it to set Allowance Amount `TokenContract` to `type(uint256).max`.

`listOffer` Unsafely References Fungible Identifiers

Inadequate Checking of `isIncreasing` when trader adjusts position size

Market Disruption and Financial Loss Post-Liquidation

Incorrect liquidatable checking for market order creation

User might be unfairly liquidated after L2 Sequencer grace period

Potential `EIP712` violation in multiple cases

User may lose funds when creating Nexus account or executing user operations

Registry is never called when setting up modules using the `Bootstrap` contract

Protocol not fully compliant with `EIP-7579`

entryPoint() function cannot be overridden

User may not receive profit from withdrawal fee as expected and attacker can steal value from pool

Vultisig whitelisting can be bypassed by anyone

Most users won't be able to claim their share of Uniswap fees

Vultisig should be burnable

Transfer of ILOPool NFT token to different account allows for users to bypass the pool's `maxCapPerUser` invariant

Protocol won't be eligible for referral rewards for depositing ETH

Incorrect accounting of reward points can be caused by owner changing the startBlock

Staker may receive much less staking token than expected when they exit early