Natural Logarithm Function Silently Accepts Invalid Non-Positive Inputs

Missing Access Control Allows Reward Period Extension Attack. An attacker will dilute rewards for stakers

RAACNFT mint function receives funds to address(this) but has no way of withdrawing them

Incorrect Reward Claim Logic in FeeCollector::claimRewards Causes Denial of Service

Boost Miscalculation Leads to Excess Distribution

Incorrect accounting in `veRAACToken::emergencyWithdraw` and `veRAACToken::withdraw` due to missing `totalLocked` update

Treasury Contract Deposit Function Can Be Frontrun To Deny Protocol Operations

Workingsupply would always be overwritten in boostcontroller.sol impacting reward calculations

hardcoded baseamount in Updateuserboost fucntion causes users with small token holdings to receive higher boosts relative to their holdings t

Multiple Token Management Lets Withdraw a Token Different than Deposited Token

Users Cannot Remove Their Own Boost Delegation, Causing Potential Lock-In

Lack of enforcement of the `MAX_TOTAL_LOCKED_AMOUNT`

Incorrect Initialization of minBoost in BaseGauge Constructor Breaks Core Contract Functionality

`FeeCollector::updateFeeType` wrong fee share validation leads to impossible update for some fee types

Overwriting Previous Allocations in allocateFunds May Lead to Loss of Cumulative Allocation Data

Insufficient ETH Forwarding in Governance Execution Mechanism Causes Proposal Failures