Attacker can zero out pending staking rewards through minimal stake manipulation

Multiple Pools Drain Staking Rewards via Missing Canonical Pool Enforcement

Per-Trade Epoch Anchoring Enables 100% Cashback Overpayment via Timing Manipulation

First staker after idle period captures all emissions from zero‑stake interval

Retroactive Mint Rate Application Violates Global Emission Rate Integrity

Hard-coded 6-Decimal Assumption Causes Catastrophic Reward Miscalculation on BNB Chain

Incentive Front-Loading Due to Incorrect Time Reference in Reward Accrual

Fee Under-Collection in Exact-Output Swaps with Fee-from-Output

Ineffective transferVaultBalance Function Cannot Migrate Real Vault Balances

NFTManager tokenURI() Reverts Due to Incorrect Diamond Storage Access

ViewWalker Cross-Assignment Bug Causes Incorrect Fee Calculations

Unauthorized Access via Spoofed ControlTower Authorization

WUSR Mint Function Overcredits Users Due to Misuse of ERC4626 `previewMint

Missing receive() Functions Break ETH Zap Functionality

Reward Backlog Accumulation Bug Allows First Stakers After Idle Periods to Steal Rewards