Attacker will steal funds from depositors through share inflation attack

Unauthorized Refund Claims for Non-EVM Addresses

Attacker can steal an high-value token due to lack of swap execution

An attacker will steal protocol funds from reverted cross-chain txs

Incorrect Swap Amount After Fee Deduction

ETH Revert Handling Failure in Cross-Chain Operations

ETH Address Approval Attempt Causes All Zeta Swaps to Revert

Platform Fee Bypass in Zeta Swap Execution

An attacker will cause transaction reverts for users by spoofing Uniswap V2 pool existence

Untrusted `onAbort`/`onRevert` call will allow overwriting of legitimate external ID for cross-chain refund logic

Bitcoin Address Truncation in Revert Message Causes Failed Refunds

RAACNFT mint function receives funds to address(this) but has no way of withdrawing them

Reward manipulation vulnerability in StabilityPool

RToken's transfer function lead to loss of funds due to incorrect math

NFTs Get Permanently Locked in Stability Pool After Liquidation

Incorrect utilization rate forces protocol to issue maximum rewards indefinitely

Incorrect DebtToken totalSupply Scaling Breaks Interest Rate Calculations

Users Can Lose Funds and Collateral by Repaying Loans After Liquidation Grace Period Expiry

`RToken::calculateDustAmount` are incorrectly calculated, leading to not be able to transfer the accrued dust amount

getNormalizedDebt will return a wrong Amount when Timedelta is 0.

`ReserveLibrary.getNormalizedDebt` doesn't return normalized debt

Incorrect Timestamp Tracking in RAACHousePrice contract