Repayments and liquidations can be forced to revert by an attacker that repays miniscule amount of shares

V3Vault is not ERC-4626 compliant

PrincipalToken is not ERC-5095 compliant

Malicious user can stake an amount which causes zero curStakeAtRisk on a loss but equal rewardPoints to a fair user on a win

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

Can mint NFT with the desired attributes by reverting transaction

DoS in `MergingPool::claimRewards` function and potential DoS in `RankedBattle::claimNRN` function if called after a significant amount of rounds passed.

LendingPool.sol#donateToTranche is vulnerable to reward hunting attacks through front-running

User can evade `liquidation` by depositing the minimum of tokens and gain time to not be liquidated

No proposal time limit traps sponsors of unpopular proposals

DOS of proposals by abusing ballot names without important parameters

Remove Liquidity has missing reserve1 DUST check, which can make reserve1 to be less than DUST

Impossible to change managed wallets with `proposeWallets` after first rejection

Single token purchase restriction on curve creation enables sniping

onBalanceChange causes previously unclaimed rewards to be cleared