Prime.sol - User can claim Prime token without having any staked XVS, because his `stakedAt` isn't reset whenever he is issued an irrevocable token.

`TemporalGovernor` can be bricked by `guardian`

Answer of Chainlink oracle is not sufficently validated and can return invalid/stale price

No checks for Arbitrum and Optimism Sequencer being active

Anyone can arbitrarily change the total supply of the USSD token through minting/burning due to functions missing critical access modifier

StableOracleWBTC uses Chainlink ETH/USD price feed instead of BTC/USD price feed

All swaps in the protocol are executed without slippage protection

Chainlink's latestRoundData() is not sufficiently validated and therefore can lead to stale or incorrect results

Chainlink Oracle will return the wrong asset price if minAnswer is hit

Incorrect `blocksPerYear` constant in `WhitepaperInterestRateModel`

DOS attack prevents refunding previous bid in Shortfall.sol and malicious bidder always wins the auction

Claiming ERC20 tokens fails silently while claimable token count is still decreased due to ERC20 token not reverting on failed transfer