User can be DoSed after upgrading due to incorrect internal accounting

Withdrawal from NFTs can be temporarily blocked

`reserveFactor` validation check cannot revert in case of invalid value assignment.

`payable` modifier on function without use of native currency can lead to locked ETH

A malicious user can avoid unfavorable score updates after alpha/multiplier changes, resulting in accrual of outsized rewards for the attacker at the expense of other users

Prime.sol - User can claim Prime token without having any staked XVS, because his `stakedAt` isn't reset whenever he is issued an irrevocable token.

The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP

`UniV3LiquidityAMO::recoverERC721` will cause `ERC721` tokens to be permanently locked in `rdpxV2Core`

The twTAP multiplier can be compromised with manipulated deposits of low value cost and high duration

Chainlink oracle data feed is not sufficiently validated and can return stale `price`

StandardPolicyERC1155.sol returns amount == 1 instead of amount == order.amount

frxETHMinter: Non-conforming ERC20 tokens not recoverable

Permanent freeze of vested tokens due to overflow in _baseVestedAmount

`timewindow` can be changed unexpectedly that blocks users from calling `deposit` function

unbounded loop length dos

Attacker contract can avoid being blocked by BlockList.sol

Project funds can be drained by reusing signatures, in some cases

Interface definition error