Malicious user can stake an amount which causes zero curStakeAtRisk on a loss but equal rewardPoints to a fair user on a win

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

When borrowers repay USDS, it is sent to the wrong address, allowing anyone to burn Protocol Owned Liquidity and build bad debt for USDS

User can evade `liquidation` by depositing the minimum of tokens and gain time to not be liquidated

First Liquidity provider can claim all initial pool rewards

Attacker Can Inflate LP Position Value To Create a Bad Debt Loan

Attacker can take advantage of Chainlink price not occuring within it's 60 minute heartbeat to make PriceAggregator calls fail

Adversary can prevent updating price feed addresses by creating poisonous proposals ending in `_confirm`

If there is only one USDS borrower, he can never be liquidated

Attack to make ````CurveSubject```` to be a ````HoneyPot````

Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`

If a user sets their curve token symbol as the default one plus the next token counter instance it will render the whole default naming functionality obsolete