Lack of Token Allowance Validation in the `RedemptionVault.sol#_approveRequest()` Function

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

TokenManager - Unlimited withdraw

Native token withdrawal fails until manually approved

Formulaic Error Rounds Down Causing Total Loss Of Funds For Bid Takers During Abort

Malicious user can drain protocol by bypassing `ASK` offer abortion validation in `Turbo` mode

[H-4] The function `PreMarkets::listOffer` charges an incorrect collateral amount, allowing users to manipulating collateral rates and drain the protocol's funds

The maximum number of generations is infinite

Number of entities in generation can surpass the 10k number

Wrong minting logic based on total token count across generations

Excess ETH from `forgingFee` can get stuck in `EntityForging` under certain situations

Discrepancy between nfts minted, price of nft when a generation changes & position of `_incrementGeneration()` inside `_mintInternal()` & `_mintNewEntity()`

Rewards May Not Be Claimed When Depositing

Denial of Service (DoS) Vulnerability in `StakedEXA.sol#harvest()` Function

Incorrect Handling of Gauge Rewards in `pauseGauge` and `killGaugeTotally` Functions of Voter Contract

Incorrect handling of `_lastUpdateTimestamp` in function `BribeRewarder.sol#_calculateRewards()`

The fee-on-transfer token cannot be used as a reward token in `BribeRewarder.sol`.

Chainlink's `latestRoundData` might return stale or incorrect results

Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens