Unit mismatch in interest calculation when rate decays to minimum rate

Total Protocol Collateral Can Become Less Than Sum of User Collateral

Incorrect APY check causes Oracle reverts immediately after deployment

The maxDeposit returns uint256.max despite hard deposit limits (EIP-4626 Violation)

Unoptimized subset matches counting implementation will exceed tx gas limit on base chain

Changing Payout Calculator During Active Drawing Causes Loss of Unclaimed Winnings

Global Variable Manipulation During Active Draw Alters End Result

If bonus ball max equals normal ball max then ticket buyers gain excessive edge

`set_invocation_costs_config()` fails to authorize admin allowing anyone to set invocation costs

`twap()` under-charges for multi-period queries due to hardcoded `periods=1`

Malicious users can prevent reward accumulation for all stakers by frequent `updateReward` call

Order double-linked list is broken because order.prevOrderId is not persisted

Removing only the tail order from a limit does not reduce tree size, allowing order book to grow indefinitely

FOK orders wrongly revert on dust residual amounts below lot size

Missing Slippage Check in `PendlePTStrategy` Can Lead to Sandwich Attacks

Migration will Reverts Due to Rounding Mismatch in Borrow Repayment

Incorrect asset matching for ETH/WETH leads to potential DoS of exitPosition in CurveConvexStrategy

Incorrect WithdrawRequestManager Lookup for ETH Token Causes Withdrawal Failure

Reward Loss During `migrateRewardPool` Due to `forceClaimAfter` Lock

Ethena Withdraw request can finalize with 0 token silently if `cooldownDuration == 0`

Missing Reward Manager When Using `CURVE_GAUGE` Directly in CurveConvex Strategy