ExecuteTallyVM has a memory leak which will lead to nodes eventually crashing

Gas costs are severely underpriced for certain WASM instructions which can lead to network DoS

VM call_result_value function doesn't charge gas which can result in chain DoS

Gas free messages can be used to DoS the network

A single valid validator can falsify consensus through signature duplication in postBatch

Malicious WASM program can cause denial of service attack against SEDA validators through unbounded stdout/stderr

Attacker can DOS liquidity migration in LiquidityManager.sol

Liquidated positions will still accrue rewards after being liquidated

Protocol bad debt is never handled

Users are not able to call ```Pool.sol#setUserUseReserveAsCollateral``` on their NFT positions

Malicious users can brick FaultDisputeGame deployments

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

NFTs can be transferred even if StakeAtRisk remains, so the user's win cannot be recorded on the chain due to underflow, and can recover past losses that can't be recovered(steal protocol's token)

Can mint NFT with the desired attributes by reverting transaction

Update in strategy will cause wrong issuance of shares

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

Borrower has no way to update `maxTotalSupply` of `market` or close market.

Borrower can drain all funds of a sanctioned lender

Extra ether sent to ```ArrakisV2Router#addLiquidityPermit2()``` is not properly refunded

Chainlink's `latestRoundData` may return stale or incorrect result

`pause/unpause` functionnalities not implemented in many pausable contracts

Lack of access control on crucial USSD minting and burning functionality

Hardcoded slippage protection value (amountOutMinimum) of '0' can result in lost funds

USSDRebalancer.getOwnValuation and getSupplyProportion are vulnerable to manipulation due to how they calculate token balances

Chainlink oracles are not checked for stale price

Chainlink oracle makes no check to see if the Arbitrum sequencer is down

A malicious market owner/protocol owner can front-run calls to lenderAcceptBid and change the marketplace fee to steal lender funds

CHALLENGER_REWARD can be used to drain reserves and free mint

[H-06] Double-entrypoint collateral token allows position owner to withdraw underlying collateral without repaying ZCHF

Loss of funds for traders due to accounting error in royalty calculations

RubiconMarket batchOffer and batchRequote make offers as self; complete loss of funds for some types of tokens, for example WETH

Calling `ExpiringMarket.stop` and `ExpiringMarket.isClosed` functions cannot pause any functionlities of the market

Loss of rewards due to multiple timed calls of rebalanceBasket