Attacker will steal all users collateral from the migration

RewardAccumulator and VsTAN contracts can have precision loss in the calculation of rewards

Users will receive incorrect tokens due to stale exchange rate calculations in supply and redeem functions

Protocol rewards are permanently locked due to missing claim functionality

Users can receive duplicate LEND rewards due to missing claim status checks

Users will lose funds due to token decimal mismatches across chains

Incorrect Balance Check in Validator Redelegation Process May Block Legitimate Rebalancing Operations

Public `payWithERC20` Function Allows Unauthorized Token Transfers

Reward period can be extended with minimal amount

MergeTgt has no handling if TGT_TO_EXCHANGE is exceeded during the exchange period

Users Can Overwrite Existing Locks in veRAACToken Resulting in Permanent Loss of Funds

Treasury Balance Tracking Bypass in FeeCollector

Gauge reward system can be gamed with repeatedly stake/withdraw

Missing Boost Balance and other parameters Update in veRAACToken Functions. Incomplete Boost State Updates Result in Inaccurate Voting Power and Reward Distribution

Incorrect utilization rate forces protocol to issue maximum rewards indefinitely

LendingPool deposits do not work with CurveVault due to lack of funds

LendingPool::getNormalizedIncome() returns stale liquidity index

Liquidation Cannot Be Closed Even With Healthy Position Due To Strict Debt Check

LendingPool.getUserDebt returns outdated value and can lead to liquidation failure

Liquidations are enabled when repayments are disabled, causing borrowers to lose funds without a chance to repay

Missing Liquidity Rebalancing in Repayments and Liquidations Leading to Inefficient Liquidity Management

closeLiquidation within LendingPool does not allow partial repayments, which can cause massive losses to users within edge case

Canceled vote still get voted on and accumulate voting power in Goverance.sol

Incorrect Initialization of minBoost in BaseGauge Constructor Breaks Core Contract Functionality

Borrow, withdraw, deposit revert due to curve vault not having available liquidity or being paused.

Missing Check for Gauge Activation Status in vote :: GaugeController.sol

Subtraction in `variance()` will revert due to underflow

Platform fees withdrawal will sweep oracle agents earned fees

Request responses and validations can be mocked leading to extraction of fees and/or forcing other generators to lose their fees by making them outliers

Due To The `minWithdrawalAmount` check Users Who Want To Withdraw Wont Be Able To Queue Their Token Withdrawals On Some Amounts

`mintToken()`, `mintWithBudget()`, and `forge()` in the `TraitForgeNft` Contract Will Fail Due to a Wrong Modifier Used in `EntropyGenerator.initializeAlphaIndices()`

The maximum number of generations is infinite

Number of entities in generation can surpass the 10k number

Wrong minting logic based on total token count across generations

Pause and unpause functions are inaccessible

Duplicate NFT generation via repeated forging with the same parent

`Golden God` Tokens can be minted twice per generation

[H-01] Miscalculation in `_farmPlots` function could lead to a user unable to unstake all NFTs