Incorrect tier updates when adding users

Early 72-digit adjustment in sqrt will lead to incorrect result exponent calculation

Natural Logarithm Function Silently Accepts Invalid Non-Positive Inputs

Inconsistent mantissa size auto-scaling between packedFloat encoding and calculations will lead to unacceptable rounding errors

Users can create 40x leverage position

Liquidation fee will not be claimed due to incorrect decimal handling

Cannot set liquidation fee recipient

Rebalancing and compounding will fail on pools with negative tick

Improper Transfer Restrictions on Non-Bridged Tokens Due to Boolean Bridged Token Tracking, Allowing a DoS Attack Vector

Faulty Gauge Weight Update Formula: Voting Power Delta Not Considered Leading to Arithmetic Underflow and Vote Weight Inconsistency

ZENO Token Redemption Returns Negligible USDC Amount Compared to Purchase Price

Incorrect decimal handling in `Auction::buy()` leads to massive overpayment for ZENO tokens

RAACNFT mint function receives funds to address(this) but has no way of withdrawing them

`BaseGauge` users can claim rewards without staking

Users Can Overwrite Existing Locks in veRAACToken Resulting in Permanent Loss of Funds

Wrong use of the `GaugeController::typeWeights` multiplier in `GaugeController::_calculateReward` causes a reduction in gauge rewards instead

Multiple issues from unnecessary balance increase calculation in DebtToken.mint

Incorrect Reward Claim Logic in FeeCollector::claimRewards Causes Denial of Service

RToken's transfer function lead to loss of funds due to incorrect math

Users can borrow more assets than they have deposited as collateral

Attackers can get most of RAACToken rewards by withdrawing dust amount from StabilityPool multiple times

NFTs Get Permanently Locked in Stability Pool After Liquidation

Double Usage Index Scaling in StabilityPool Liquidation Inflates Required CRVUSD Balance

Ownership Parameter Mismatch in LendingPool’s Vault Withdrawal Logic

Lack of Access Control in BoostController::updateUserBoost Leading to Unauthorized Delegation Overwrite.

Attackers can double voting power and veToken amount by locking and increasing

Gauge stakers won't get any reward due to round-down in user weight calculation

Stability pool does not consider RToken balance increase when DEToken is withdrawn

Timelock Controller Retains Canceled Proposals, Enabling Unauthorized Execution and severe Governance Voting manipulation.

Gauge reward period can be extended indefinitely

veRaac Token Constraint MAX_TOTAL_SUPPLY Can Be Bypassed. Vulnerability Disrupts Protocol Functionality and Undermines Governance Quorum.

Incorrect utilization rate forces protocol to issue maximum rewards indefinitely

Incorrect DebtToken totalSupply Scaling Breaks Interest Rate Calculations

LendingPool deposits do not work with CurveVault due to lack of funds

Liquidation Cannot Be Closed Even With Healthy Position Due To Strict Debt Check

`RToken::calculateDustAmount` are incorrectly calculated, leading to not be able to transfer the accrued dust amount

LendingPool.getUserDebt returns outdated value and can lead to liquidation failure

Emergency revoke in RAACReleaseOrchestrator will freeze revoked RAAC tokens in orchestrator

User may not be able to increase the amount of locked RAAC tokens

Permanent boost inflation through delegation removal in Boostcontroller.sol

Unrestricted proposal cancellation allows governance process manipulation

RAACToken burns less tokens than expected when feeCollector is unset

Flawed Boost Multiplier Calculation Always Yields Maximum Boost

User's voting power never decays over time.

Incorrect Initialization of minBoost in BaseGauge Constructor Breaks Core Contract Functionality

`FeeCollector::updateFeeType` wrong fee share validation leads to impossible update for some fee types

Insufficient ETH Forwarding in Governance Execution Mechanism Causes Proposal Failures

Invariant broken in `getBoostMultiplier.sol` in the BoostController contract.

The Deleverage Will apply twice on market USDtoken minting

Incorrect Credit Capacity Validation in `VaultRouterBranch.redeem` Enables Locked Collateral Drainage

Underflow when updating credit delegation will result protocol DoS

Vaults weth reward is not distributed correctly

Incorrect Debt Check in `CreditDelegationBranch::settleVaultsDebt` Function

Market-vault disconnection will bring permanent inconsistent state

Markets and vaults will not update their state until market fee is received, any deposits before market fee will not be reflected

Total market debt > 0 when credit deposits > netusdissuance which breaks key protocol logic

Incorrect calculation in CreditDelegationBranch::withdrawUsdTokenFromMarket allows attacker mint any amount of usdz

No way to set UsdTokenSwapConfig pd curve parameters

Due to not updating the Debt , the protocol will apply untended premium or discount

Incorrect weight assignment in Vault::updateVaultAndCreditDelegationWeight leads to overleveraging vault positions and insolvency

rebalanceVaultsAssets incorrectly accounts vaults' depositedUsdc

Unable to swap USD token to collateral for vaults in credit

The logic in `getPremiumDiscountFactor` is inverted: a discount is applied when Vault is in credit and a premium is applied if Vault is in debt

Vault accumulated values do not reflect market change correctly

Vault's total credit capacity keeps changing when being recalculated even though there is no market activity

rebalanceVaultAssets will revert with erc20 insufficient balance error

Usd token can be overwithdrawn from market

FullFill Swap will Fail due to minAmountOut wrong calculation

Lack of an update of the pool state will cause Initiate Swap to return an incorrect Amountout

Total debt used in fulfiling swap actions is wrong because we did not update the vault.

Protocol not fully compliant with ERC-7201

Denial of service when calculating the new weights if the rule requires previous moving averages

GradientBasedRules will not work for >=4 assets with vector lambdas

Incorrect Handling Of Nft Self-Transfer In afterupdate Hook Allows The Owner To Grief A Buyer By Rendering The Nft Unable To Redeem Its Associated Liquidity, Resulting In A Loss Of Funds

Incorrect implementation of QuantammMathGuard.sol#_clampWeights.

Listing potential can not be purchased with discounted price

Rounding error in stepDuration calculations.

Underflow in `claimable` DOSing `claim` Function

Malicious user will steal USDT from treasury

Approved ABONDToken spender will steal yields from treasury

Minting zero tokens when underlyingToken is not Ether in cashIn()