UNAUTHORIZED TOKEN TRANSFERS: Public payWithERC20 function allows token theft

ZENO Token Redemption Returns Negligible USDC Amount Compared to Purchase Price

Reward manipulation vulnerability in StabilityPool

Double Usage Index Scaling in StabilityPool Liquidation Inflates Required CRVUSD Balance

Missing Vote Frequency Control in GaugeController

Incorrect utilization rate forces protocol to issue maximum rewards indefinitely

There is no logic checking for RAACNFT price staleness before minting it

`RToken::calculateDustAmount` are incorrectly calculated, leading to not be able to transfer the accrued dust amount

Workingsupply would always be overwritten in boostcontroller.sol impacting reward calculations

Emergency revoke in RAACReleaseOrchestrator will freeze revoked RAAC tokens in orchestrator

RAACToken burns less tokens than expected when feeCollector is unset

Limited veRaac Token Supply Triggers DoS, Hampering Proper Governance Participation.

Emergency Timelock Bypass: No Enforced 1-Day Delay for Emergency Actions

Unauthorized Vote Casting Vulnerability

Stale Price Data in Oracle Implementations: PythOracle

Users Can Join DAOs Using Removed Currencies Due To Missing Validation

Unrestricted validation score range for validators in `LLMOracleCoordinator::validate`.

Sequential Fee Calculations Lead to Lost Platform Revenue Due to Precision Loss