CoreRouter will misrecord lToken amounts for suppliers and redeemers.

Reentrant LEND token claiming in `CoreRouter.claimLend()` leading to infinite reward drain.

Incorrect liquidation limit due to stale borrow interest calculation.

Double interest calculation could lead to false liquidation triggers.

Users can invoke `notifyRewardAmount()` with a dust reward amount to reduce the reward rate.

The calculation of fees in `Pool.sol` is incorrect.

Users may pay more fees than they should when buying votes.

The fees should not be added to the `marketFunds` in the `buyVotes` function.

The `sellNFT` function transfers the NFT to the `buyOrder.sol` contract instead of the buyer.

A lending offer can be canceled repeatedly.

The precision loss in the fee percentage for connecting offers results in the borrower paying less than the expected fee.

Incorrect minimum fee is used to adjust the loan fee, which may prevent the borrower from extending the loan.

In `extendLoan`, the `maxDeadline` instead of `maxDuration` is used to calculate the fees, which may cause the borrower to pay more fees.

Users can obtain about a floor liquidity for any liquid duration without paying any fees.

User's collection tokens may be locked in the `CollectionShutdown.sol` contract if the shutdown process is canceled.

Modifying the listing price will result in an overcharge of tax.

Modifier `LVDepositNotPaused` checks the `isWithdrawalPaused` instead of the `isDepositPaused`.

Admin cannot deny roles to other users.

The checking on whether the lock time of the position is sufficient for voting is incorrect

If the approver renews or extends a lock position, the position's current rewards are transferred to the approver instead of the position owner.

For a new `drawId`, `startDraw` always reverts if the time elapsed for the first `startDraw` exceeds the auction duration.

Prize winners can set claim hooks to revert `claimPrize` from others to save the claim rewards.

Incorrect checking in `receiveFlashLoan` can cause `swapETHForYt` to fail unexpectedly.

Excess mint fees are not returned to the minter as expected.

`mintBatch` always reverts when minting for multiple works, breaking the core contract functionality.

Pre-funded `FPAM` auctions may lead seller to lose funds.

Users lose some tax refunds when making claims.

`updateUserDeposit` does not support Blast chain's native token.

Users blocked by `blockClaim` can still make claims.

The last council member cannot claim his allocated TELCOIN after someone's token is burnt.

Users can claim more tokens than they staked during cliff period.

The first founder lose a portion of his token ownership when `reservedUntilTokenId >= 100`.

A token owner cannot remove one mgCvg delegation when he already delegates to `maxMgDelegatees` addresses.