Attacker will steal tokens from users

Attacker will bridge fake tokens to Orderly for USDC

Executor can revert if in order execution is enabled

The default Governor Anastasius is unable to call `resetStakes`

Broken assumptions can lead to the inability to seize RSR

KIN-H02: Malicious users can prevent other users from redeeming rewards by manipulating `total_pooled` with duplicate withdrawal requests

Agents amount limitation due to ink! storage `Vec`

Malicious actors can manipulate ZVE staking rewards, extending the time to accrue the whole reward

Incorrect assertion might lead to DoS of `OCL_ZVE`

Holders array can be manipulated by transferring or burning with amount 0, stealing rewards or bricking certain functions

Players have complete freedom to customize the fighter NFT when calling `redeemMintPass` and can redeem fighters of types Dendroid and with rare attributes

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

Fighter created by mintFromMergingPool can have arbitrary weight and element