Faulty Gauge Weight Update Formula: Voting Power Delta Not Considered Leading to Arithmetic Underflow and Vote Weight Inconsistency

Incorrect decimal handling in `Auction::buy()` leads to massive overpayment for ZENO tokens

Users Can Overwrite Existing Locks in veRAACToken Resulting in Permanent Loss of Funds

`GaugeController::_calculateReward` implementation will cause smaller shares to be allocated to every gauge

Multiple issues from unnecessary balance increase calculation in DebtToken.mint

Reward manipulation vulnerability in StabilityPool

Incorrect Reward Claim Logic in FeeCollector::claimRewards Causes Denial of Service

RToken's transfer function lead to loss of funds due to incorrect math

Double Usage Index Scaling in StabilityPool Liquidation Inflates Required CRVUSD Balance

Boost Miscalculation Leads to Excess Distribution

Multiple calls to `BaseGauge::notifyRewardAmount()` override existing reward rate, causing loss of rewards for stakers

veRaac Token Constraint MAX_TOTAL_SUPPLY Can Be Bypassed. Vulnerability Disrupts Protocol Functionality and Undermines Governance Quorum.

Incorrect DebtToken totalSupply Scaling Breaks Interest Rate Calculations

Incorrect Return Values and Double Scaling in `RToken.burn` Function Leads to Denial of Service

`RToken::calculateDustAmount` are incorrectly calculated, leading to not be able to transfer the accrued dust amount

Concurrent Oracle Fulfillments Overwrite House IDs, which leads to Incorrect Pricing

LendingPool.getUserDebt returns outdated value and can lead to liquidation failure

`GaugeController::distributeRewards` can be called multiple times by anyone, leading to excessive reward distribution

Proposal Front-Running via Predictable Salt in `TimelockController::scheduleBatch`

Flawed Boost Multiplier Calculation Always Yields Maximum Boost

The endAuction function attempts to send native tokens to the StabilityPool, which does not support

Lending pool reserve liquidity can be incorrectly accounted due to transferring accrued dust

Skewed Reward Distribution in GaugeController.sol

`mint` function in RToken contract doesn't return the correct expected values, leading to emission of ReserveLibrary `Deposit` event and LendingPool `Deposit` event with incorrect values.

Lack of enforcement of the `MAX_TOTAL_LOCKED_AMOUNT`

Incorrect Initialization of minBoost in BaseGauge Constructor Breaks Core Contract Functionality

Missing `BaseGauge::distributionCap` validation leads to over-emission of rewards

Treasury's allocated funds not tracked during withdrawals leads to accounting issue where recepient can receive more than allocated funds.

Wrong event emission

Missing kick function for users without voting power in gauge controller

Overwrite in `interestToClaim` in `DebitaV3Loan::payDebt` causes partial loss of lenders' accrued interest

Biased incentives mechanism unfairly benefits lonely lenders

Platform fees withdrawal will sweep oracle agents earned fees

BuyerAgent Batch Purchase Failure Due to Asset Transfer or Approval Revocation

Inaccurate best response selection in `LLMOracleCoordinator::getBestResponse`.

Remove splitter will always revert if there are some rewards left on splitter contract

Incorrect math in `TaxCalculator::calculateCompoundedFactor` will result in inaccurate fees

Inability to Support Multiple Shutdowns for the Same Collection

`shareBalance` bloating eventually blocks curator rewards distribution

Refunds sent to incorrect addresses in certain cases

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

`DeliveryPlace::settleAskTaker` Has Incorrect Access Control

Formulaic Error Rounds Down Causing Total Loss Of Funds For Bid Takers During Abort

The `DeliveryPlace::settleAskTaker()` function mistakenly uses `makerInfo.tokenAddress` to update the `TokenBalanceType.PointToken` in the `userTokenBalanceMap` mapping, leading to a critical error.

Missing abort status check allows bid taker to steal users funds

Missing check for aborted origin offer allows bid takers to relist unbacked offers

Unnecessary balance checks and precision issues in TokenManager::_transfer

Trade tax and settled collateral amount are not updated in offer struct

When the `DeliveryPlace::settleAskMaker()` function calls `tokenManager.addTokenBalance()` to update the user balance, the `TokenBalanceType` parameter uses an operation, resulting in a balance update error

Forger Entities can forge more times than intended

`Golden God` Tokens can be minted twice per generation

[H-01] Miscalculation in `_farmPlots` function could lead to a user unable to unstake all NFTs

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal

Incorrect access control in `BribeRewarder::_modify` blocks users deposits

`MlumStaking::addToPosition` should assing the amount multiplier based on the new lock duration instead of initial lock duration.

Users can extend current position's lock duration during emergency unlock

Vultisig whitelisting can be bypassed by anyone

Empty input bytes array in function call `PerAddressContinuousVestingMerkle::claim` will result in a wrong claim execution

[H-01] Miscalculation in `_farmPlots` function could lead to a user unable to unstake all NFTs

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal

`NoyaValueOracle.getValue` returns an incorrect price when a multi-token route is used