Adversary can arbitrarily trigger a chain halt by sending `MsgRemove{Delegate}Stake` with negative amount

Active topics eligible for churning may be skipped due to pagination assuming consecutive topic ids

`AlloraPendingRewardForDelegator` module account could have insufficient rewards due to truncation

`GetAllReputersOutput`: If `listenedStakeFraction < minStakeFraction`, the differential will not be properly interpolated to ensure `listenedStakeFraction = minStakeFraction`

Topic could be activated despite not meeting the minimum topic weight threshold due to double counting of added fee revenue

`andromeda-vesting` contract will be disabled if `WithdrawAddrEnabled` is ever set to false on the deployment chain

Withdrawal of undelegated stake in `andromeda-validator-staking` will be DoSed if the validator is slashed for an infraction that occurred before beginning unbonding

Adversary can ensure delegation rewards are permanently lost in `validator-staking` due to unchanged withdrawal address and inability to directly withdraw funds

A user with limit permissions may be unable to take an action even if permissions are disabled due to underflow

Edge from dishonest challenge edge tree can inherit timer from honest tree allowing confirmation of incorrect assertion

Player can mint more fighter NFTs during claim of rewards by leveraging reentrancy on the `claimRewards() function `

NFTs can be transferred even if StakeAtRisk remains, so the user's win cannot be recorded on the chain due to underflow, and can recover past losses that can't be recovered(steal protocol's token)

Filling orders may revert due to inconsistent fee rounding

Proposers can avoid the high risk quorum for high risk proposals by adding additional calldata

When `DecentBridgeExecutor.execute` fails, funds will be sent to a random address

Missing access control on UTB:receiveFromBridge allows UTB swaps to be executed without spending bridge fees while bypassing fee/swap instruction signature verification

User can get free entries if the price of any whitelisted ERC20 token is greater than the round's `valuePerEntry`

Removing any token with id less than the highest `tokenId` will block the holder from claiming their allocated TELCOIN and prevent further minting

Attack to make ````CurveSubject```` to be a ````HoneyPot````

Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`

A subject creator within a single block can claim holder fees without holding due to unprotected reentrancy path

onBalanceChange causes previously unclaimed rewards to be cleared

User can gain points for the duration their tokens were unlocked

Auction settlement could be DOSed due to inconsistency between calculated and deposited reward amounts

Tokens from the token reserve can be assigned to founders

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

Attacker can reenter to mint all the collection supply

Bidder Funds Can Become Unrecoverable Due to 1 second Overlap in `participateToAuction()` and `claimAuction()`

All tokens can be stolen from `VirtualAccount` due to missing access modifier

Incorrect flag results to _hasFallbackToggled always set to false on createMultipleSettlement.

Message channels can be blocked resulting in DoS

If RootBridgeAgent.lzReceiveNonBlocking reverts internally, the native token sent by relayer to RootBridgeAgent is left in RootBridgeAgent

Registering new recipients will corrupt the status bitmap in `DonationVotingMerkleDistribution` strategies

Unlimited `voiceCredits` for allocators in `QV` strategies

Accepted recipient can manipulate amount received for a milestone in `RFPSimpleStrategy`

Incorrect accounting in `_fundPool` for fee-on-transfer tokens

Incorrect accounting for claims in `DonationVotingMerkleDistributionVaultStrategy` for fee-on-transfer tokens

Multiple allocations to the same recipient by the same allocator will heavily inflate their received votes in `QV` strategies

`_registerRecipient` always reverts if `useRegistryAnchor = true` in `RFPSimpleStrategy`

Cached `DOMAIN_SEPARATOR` is incorrect for tranche tokens potentially breaking permit integrations

Lenders can force borrowers to default using CoolerCallback

Lenders can arbitrarily increase borrowers' owed amount forcing default

The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP

The peg stability module can be compromised by forcing lowerDepeg to revert.

Change of `fundingDuration` causes "time travel" of `PerpetualAtlanticVault.nextFundingPaymentTimestamp()`

CurveTricryptoOracle.sol reports heavily undervalued price of tricrypto LP token allowing unsafe position sizes

WConvexPool.sol will be broken on Arbitrum due to improper integration with Convex Arbitrum contracts

Users may be forced into long lock times to be able to undelegate back to themselves.

`SecurityCouncilMemberElectionGovernor` Owner Can Change `votingPeriod` During an Active Election

Unrestricted reclaim of payout/quote tokens allows user to steal all collateral from Teller