User will drain contract native balance by specifying arbitrary amounts without validation

Attacker will steal stored tokens in GatewaySend as `onCall()` `toToken` validation is missing

Protocol will fail all USDT deposits due to non-standard transferFrom implementation

Attacker will drain all contract funds as onRevert lacks sender validation

Users will drain LEND tokens by claiming rewards multiple times

Protocol will lose accumulated liquidation rewards due to missing withdrawal mechanism

Users will receive incorrect token amounts due to stale exchange rates

User will clear same-chain debt by repaying only cross-chain debt

User will clear same-chain debt on destination chain by repaying only cross-chain debt

User will increase same-chain debt on destination chain by repaying cross-chain debt

Incorrect liquidation validation leads to loss of funds for borrowers or protocol insolvency

User will over-borrow across multiple chains by exploiting stale collateral checks

First-time borrowers will drain protocol liquidity by bypassing collateral requirements

Invariant check will cause complete denial of service for borrowers when users perform bidirectional cross-chain operations

Users will receive double LEND rewards when having cross-chain positions

Borrower will lose seized collateral when liquidator repays debt during cross-chain liquidation with an invalid amount

User will be unable to borrow up to their full collateral capacity due to double application of interest calculation

Liquidator will be unable to liquidate up to the proper close factor due to incorrect principal amount usage in liquidation calculations

Unwrapping while equating inside the `eq` function fails to account for the set `L_MATISSA_FLAG`

Missing authorization check in `Payment::payWithERC20()` allows unauthorized token transfers

Missing worker deployment timeout mechanism leads to permanently stuck deployments

Missing signature invalidation in `BlueprintCore::updateWorkerDeploymentConfigWithSig()` allows token balance draining and configuration update replay

Incomplete whitelist implementation in `BlueprintCore` allows bypass of agent creation restrictions

Inconsistent negative modulo handling causes incorrect tick calculations for secondary positions

Improper Transfer Restrictions on Non-Bridged Tokens Due to Boolean Bridged Token Tracking, Allowing a DoS Attack Vector

ZENO Token Redemption Returns Negligible USDC Amount Compared to Purchase Price

Incorrect decimal handling in `Auction::buy()` leads to massive overpayment for ZENO tokens

`BaseGauge` users can claim rewards without staking

Multiple issues from unnecessary balance increase calculation in DebtToken.mint

Reward manipulation vulnerability in StabilityPool

RToken's transfer function lead to loss of funds due to incorrect math

NFTs Get Permanently Locked in Stability Pool After Liquidation

Any attempt to liquidate a user will fail, because StabilityPool does not hold crvUSD during operational lifecycle

Double Usage Index Scaling in StabilityPool Liquidation Inflates Required CRVUSD Balance

Ownership Parameter Mismatch in LendingPool’s Vault Withdrawal Logic

Multiple calls to `BaseGauge::notifyRewardAmount()` override existing reward rate, causing loss of rewards for stakers

Hardcoded Exchange Rate Leading to Incorrect Deposits and Redemptions

Users can lose additional collateral by depositing NFTs after grace period expiration

Gauge reward system can be gamed with repeatedly stake/withdraw

Missing Vote Frequency Control in GaugeController

Incorrect DebtToken totalSupply Scaling Breaks Interest Rate Calculations

LendingPool deposits do not work with CurveVault due to lack of funds

Users Can Lose Funds and Collateral by Repaying Loans After Liquidation Grace Period Expiry

Liquidation Cannot Be Closed Even With Healthy Position Due To Strict Debt Check

Using balanceOf Instead of Voting Power

There is no logic checking for RAACNFT price staleness before minting it

`RToken::calculateDustAmount` are incorrectly calculated, leading to not be able to transfer the accrued dust amount

Treasury Contract Deposit Function Can Be Frontrun To Deny Protocol Operations

`GaugeController::distributeRewards` can be called multiple times by anyone, leading to excessive reward distribution

Fee-on-transfer token handling issue in `Treasury::deposit` leads to permanent fund loss

Wrong access control in `RAACToken::setFeeCollector`, `RAACToken::setSwapTaxRate`, `RAACToken::setBurnTaxRate`

`RAACReleaseOrchestrator::emergencyRevoke()` fails to update `categoryUsed`, leading to token lockup and incorrect accounting

Cordinated group of attacker can artificially lower quorum threshold during active proposals forcing malicious proposals to pass without true majority support.

Emergency Timelock Bypass: No Enforced 1-Day Delay for Emergency Actions

Incorrect Initialization of minBoost in BaseGauge Constructor Breaks Core Contract Functionality

Borrow, withdraw, deposit revert due to curve vault not having available liquidity or being paused.

`LendingPool` yield generated in curve vault is lost and cannot be withdrawn by users

`Auction::checkAuctionEnded()` function fails to handle early auction completion when all ZENO tokens are sold, potentially blocking critical post-auction processes

Cross-Chain Signature Replay Attack Due to User-Supplied `domainSeparator` and Missing Deadline Check

Lack of deadline check in forwarded request

Claiming accumulated rewards while the contract is underfunded can lead to a loss of rewards

Potential unfair distribution of Rewards due to MEV in updateBucketExchangeRatesAndClaim