Malicious user can stake an amount which causes zero curStakeAtRisk on a loss but equal rewardPoints to a fair user on a win

NFTs can be transferred even if StakeAtRisk remains, so the user's win cannot be recorded on the chain due to underflow, and can recover past losses that can't be recovered(steal protocol's token)

Fighter created by mintFromMergingPool can have arbitrary weight and element

Caller of Upkeep may skip step 11 to save gas

Malicious liquidity provider can prevent liquidation of loan and loss of funds to other liquidity providers

If loan is not liquidated in time, underflow may prevent loan from being liquidated using emergency mode

Staking, unstaking and rebalanceToWeight can be sandwiched (Mainly rETH deposit )

`WstEth` derivative assumes a ~1=1 peg of stETH to ETH

No slippage protection on `stake()` in SafEth.sol

[M-01] Incorrect refund of execution fee to user