maxDeposit() Returns Incorrect Value Due to Unaccounted MAX_SHARES Limit

Rewards Are Lost Due to Integer Division Rounding and Discrete Accumulation

Re-adding Removed Reward Tokens Causes Incorrect Reward Distribution

Lack of message validation for EverClear brdige

Rebalancing system fails due to incorrect token transfer flow

Bridge Operations Lack Recovery Mechanisms for Failed Transfers

Decimal precision mismatch renders API3 oracle unusable in dual-oracle system

Anyone Can Steal Non-EVM Cross-Chain Refunds

Parameter Validation Gap Enables Systematic Token Theft Across Bridge Contracts

Missing Native Token Amount Validation in `withdrawToNativeChain`

Protocol doesn't work with USDT token

Silent ETH Fund Loss in Cross-Chain Revert Mechanism

LEND Rewards Can Be Claimed Multiple Times Due to Missing State Reset

Double Interest Calculation in Liquidation Logic Leads to Unfair Liquidation of Healthy Positions

Accounting Failure in Credit Vault Valuation During Borrower Default

Missing Router Update Mechanism in StrategyMainnet Contract

Old router retains token allowance after update

Order ID can be manipulated

`PythOracle::currentValue` does not check price staleness correctly

extendLoan function reverts due to unused time calculation

Reorg Vulnerability in DAO Membership Creation Allows Users to Join Incorrect DAOs

LVDepositNotPaused modifier does not work correctly

Incorrectly implemented modifiers in LybraConfigurator.sol allow any address to call functions that are supposed to be restricted