Malicious proposer can crash other nodes by bloating databases

Addresses can be pre-populated with bad data

DecentEthRouter.sol#_bridgeWithPayload() - Any refunded ETH (native token) will be refunded to the DecentBridgeAdapter, making them stuck

Whitelised accounts can be forcefully DoSed from buying curveTokens during the presale

Attack to make ````CurveSubject```` to be a ````HoneyPot````

Unauthorized Access to setCurves Function

onBalanceChange causes previously unclaimed rewards to be cleared

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

The price of rsEHT could be manipulated by the first staker

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

Attacker can reenter to mint all the collection supply

Auction winner can prevent payments via `safeTransferFrom` callback

A safe that been created using version 1.40=< will not be compatible with Brahma

Allocator can allocate more voiceCredits than maxVoiceCreditsPerAllocator.

Lack of `receive()` function in QVSimpleStrategy breaks core functionality of the project

Underflow in updateTranscoderWithFees can cause corrupted data and loss of winning tickets.

Blacklisted STADIUM_ADDRESS address cause fund stuck in the contract forever

If a winner is blacklisted on any of the tokens they can't receive their funds

Reentrancy guard and nonReentrant modifier not required.