Incorrect Debt Clearance During Cross-Chain Repayments Leading to Protocol Losses

Incorrect Cross-Chain Collateral Verification Leading to Over-Collateralization Requirement

Cross-Chain Borrowing State Corruption Due to Improper Mapping Updates

Incorrect Interest Accrual in Cross-Chain Borrow Update

Cross-Chain Debt Repayment Failure

Incorrect Liquidation Eligibility Check in Cross-Chain Lending Protocol

Cross-Chain Liquidation Debt Settlement Mismatch

Attackers Will Drain Collateral Reserves Through Faulty Liquidations

Incorrect Application of Token-Specific borrowIndex on Aggregate Borrow Value

Inefficient Liquidation Due to Close Factor Applied Only to Principal

Mishandling of receiving HYPE in the StakingManager , lead to user can't confirm withdrawal and inflate the exchange ratio

Users Who Queue Withdrawal Before A Slashing Event Disadvantage Users Who Queue After And Eventually Leads To Loss Of Funds For Them

Attacker Will Inflate Voting Power to Manipulate Consensus

Improper Validation Checks Will Affect User Participation Limits

Multiple Delegation by Double Spending Boosts and Lack of Delegation Tracking in BoostController Contract

Delegation Boost Not Usable by Delegatees

`BaseGauge` users can claim rewards without staking

Multiple issues from unnecessary balance increase calculation in DebtToken.mint

Incorrect Reward Claim Logic in FeeCollector::claimRewards Causes Denial of Service

Users can borrow more assets than they have deposited as collateral

Double Usage Index Scaling in StabilityPool Liquidation Inflates Required CRVUSD Balance

Attackers can double voting power and veToken amount by locking and increasing

Gauge Voting Misallocation Vulnerability

Gauge rewards are not transferred to gauge when distributeRewards() is called

Multiple calls to `BaseGauge::notifyRewardAmount()` override existing reward rate, causing loss of rewards for stakers

`MAX_TOTAL_SUPPLY` Bypass in `veRAACToken` via `increase()` Function

Gauge reward period can be extended indefinitely

Incorrect DebtToken totalSupply Scaling Breaks Interest Rate Calculations

Incorrect Return Values and Double Scaling in `RToken.burn` Function Leads to Denial of Service

LendingPool deposits do not work with CurveVault due to lack of funds

Multiple Critical Calculation And Logic Errors in `RToken::mint/burn` Function

Workingsupply would always be overwritten in boostcontroller.sol impacting reward calculations

Permanent boost inflation through delegation removal in Boostcontroller.sol

Proposal Front-Running via Predictable Salt in `TimelockController::scheduleBatch`

Flawed Boost Multiplier Calculation Always Yields Maximum Boost

Incorrect rewardRate management in BaseGauge

Missing Update of `lastUpdateTime` in `updatePeriod()

Failure to Reset `rewardRate` in `updatePeriod()`

`mint` function in RToken contract doesn't return the correct expected values, leading to emission of ReserveLibrary `Deposit` event and LendingPool `Deposit` event with incorrect values.

Limited veRaac Token Supply Triggers DoS, Hampering Proper Governance Participation.

Unauthorized Vote Casting Vulnerability

Incorrect Initialization of minBoost in BaseGauge Constructor Breaks Core Contract Functionality

Missing Checkpoint Reset in `veRAACToken::emergencyWithdraw` Function

Insufficient ETH Forwarding in Governance Execution Mechanism Causes Proposal Failures

Missing `BaseGauge::distributionCap` validation leads to over-emission of rewards

Wrong event emitted in `LendingPool::_repay`

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

Incorrect Credit Capacity Validation in `VaultRouterBranch.redeem` Enables Locked Collateral Drainage

Vaults weth reward is not distributed correctly

Unclaimed Rewards Loss Due to Missing Validation in `VaultRouterBranch.stake()`

Incorrect Debt Check in `CreditDelegationBranch::settleVaultsDebt` Function

Incorrect calculation in CreditDelegationBranch::withdrawUsdTokenFromMarket allows attacker mint any amount of usdz

Attacker can manipulate the amount of output tokens of users in ZlpVault

Issue with Decimal Offset Calculation Leading to Weak Donation Protection

Incorrect Period Reference in `transferReserveToAuction` Leading to Denial of Service for Auction Contracts

Boost Creators Unable to Retrieve Funds or Draw Raffle Winners Due to Missing Entry Points

Malicious Actor Can Block Incentive Claims for Legitimate Users

Inability to Handle Fee-on-Transfer Tokens in Budget Allocation

Unlimited Referral Fee Allows Boost Creator to Bypass Protocol Fee

Vulnerable Randomness in drawRaffle() Allows Manipulation of Raffle Results by Malicious Actors

Incorrect RA Transfer on Reserve's DS Sale

The lvRedeemRaWithCtDs Function Fails to Reduce Locked RA When Burning CT and DS

Inconsistent application of exchange rate

Incorrect Supply and Debt Balance Calculation in PositionBalanceConfiguration

Failure to Update _lockedETH Will Cause Withdrawal Failures for Contract Admin

TokenManager - Unlimited withdraw

Native token withdrawal fails until manually approved

Formulaic Error Rounds Down Causing Total Loss Of Funds For Bid Takers During Abort

Malicious user can drain protocol by bypassing `ASK` offer abortion validation in `Turbo` mode

Token withdrawal fails until someone manually approves spending

Fund Withdrawal Flaw in preMarket Allows Users to Avoid Settlement Obligations

`listOffer` Unsafely References Fungible Identifiers