New suppliers can steal part of the borrow yield

Liquidators cannot retrieve any collateral after liquidations

User can be DoSed after upgrading due to incorrect internal accounting

Withdrawal from NFTs can be temporarily blocked

`reserveFactor` validation check cannot revert in case of invalid value assignment.

`payable` modifier on function without use of native currency can lead to locked ETH

A malicious user can avoid unfavorable score updates after alpha/multiplier changes, resulting in accrual of outsized rewards for the attacker at the expense of other users

Prime.sol - User can claim Prime token without having any staked XVS, because his `stakedAt` isn't reset whenever he is issued an irrevocable token.

The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP

`UniV3LiquidityAMO::recoverERC721` will cause `ERC721` tokens to be permanently locked in `rdpxV2Core`

The twTAP multiplier can be compromised with manipulated deposits of low value cost and high duration

Chainlink oracle data feed is not sufficiently validated and can return stale `price`

StandardPolicyERC1155.sol returns amount == 1 instead of amount == order.amount

frxETHMinter: Non-conforming ERC20 tokens not recoverable

Permanent freeze of vested tokens due to overflow in _baseVestedAmount

`timewindow` can be changed unexpectedly that blocks users from calling `deposit` function

unbounded loop length dos

Attacker contract can avoid being blocked by BlockList.sol

Project funds can be drained by reusing signatures, in some cases

Interface definition error