Users Can Overwrite Existing Locks in veRAACToken Resulting in Permanent Loss of Funds

Ownership Parameter Mismatch in LendingPool’s Vault Withdrawal Logic

Attackers can double voting power and veToken amount by locking and increasing

Wrong access control in `RAACToken::setFeeCollector`, `RAACToken::setSwapTaxRate`, `RAACToken::setBurnTaxRate`

Paused Protocol Prevents Critical Functions Including Debt Repayment and Liquidations

`mint` function in RToken contract doesn't return the correct expected values, leading to emission of ReserveLibrary `Deposit` event and LendingPool `Deposit` event with incorrect values.

Limited veRaac Token Supply Triggers DoS, Hampering Proper Governance Participation.

`DebtToken::burn`'s Return Values are wrong

`DebtToken::burn()` event parameters and return values ​​are incorrect

Missing Router Update Mechanism in StrategyMainnet Contract

Old router retains token allowance after update

`SecondSwap_Marketplace` vesting listing order affects how much the vesting buyers can claim at a given step

Incorrect referral fee calculations

Unrestricted validation score range for validators in `LLMOracleCoordinator::validate`.

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

`PendleLPOracle::_fetchAndValidate` uses Chainlink's deprecated `answeredInRound`

Incompatibility with Multisig Wallets in `TempleGold::send` Function

Chainlink's `latestRoundData` might return stale or incorrect results

Dangerous use of deadline parameter

V3Oracle susceptible to price manipulation

V3Vault is not ERC-4626 compliant

`costInEuros` calculation will incur precision loss due to division before multiplication

PnL system can be broken by large users intentionally or unintentionally.