Borrower can escape paying last payment cycle interest

Bidders can cancel their own bid when they are the highest bidder

Users can claim vested tokens more than once through re-entrancy

Unable to update Vesting user deposits when token is represented as Ether

`V3Vault.sol` permit signature does not check receiving token address is USDC

Liquidation reward sent to msg.sender instead of recipient

setReserveFactor fails to update global interest before updating reserve factor

`LiquidInfrastructureERC20.sol` disapproved holders keep part of the supply, diluting approved holders revenue.

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

Can mint NFT with the desired attributes by reverting transaction

Unstakings are never deleted leading to addValidatorAddress DOSing permanently

OperationalStaking.stake() has no slippage checks

Anyone can participate in a future round for free

Attack to make ````CurveSubject```` to be a ````HoneyPot````

Missing slippage protection in `liquidity_lockbox::withdraw`

First LP can DOS future LP stakers by withdrawing assets back to GSP contract

LendingTerm::debtCeiling() can return wrong debt as the min() is evaluated incorrectly

Possible to bypass saleConfig.limitPerAccount

XSS via SVG Construction contract

Frontrunning in UniswapHandler calls to UniswapV2Router