Fees aren't distributed properly for positions with multiple lenders, causing loss of funds for lenders

Entrance fees are distributed wrongly in loans with multiple lenders

A borrower eligible for liquidation can pay an improperly large amount of fees, and may be unfairly liquidated

Malicious user can stake an amount which causes zero curStakeAtRisk on a loss but equal rewardPoints to a fair user on a win

Player can mint more fighter NFTs during claim of rewards by leveraging reentrancy on the `claimRewards() function `

FighterFarm:: reroll won't work for nft id greator than 255 due to input limited to uint8

NFTs can be transferred even if StakeAtRisk remains, so the user's win cannot be recorded on the chain due to underflow, and can recover past losses that can't be recovered(steal protocol's token)

Can mint NFT with the desired attributes by reverting transaction

Constraints of dailyAllowanceReplenishTime and allowanceRemaining during mint() can be bypassed by using alias accounts & safeTransferFrom()

DoS in `MergingPool::claimRewards` function and potential DoS in `RankedBattle::claimNRN` function if called after a significant amount of rounds passed.

Fighter created by mintFromMergingPool can have arbitrary weight and element

GaugeController: Reducing gauge weight via change_gauge_weight() can lead to permanent DoS of all non-view functions related to a gauge, trapping user voting power and DoSing rewarding in the CvgRewards contract

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

Adversary can block `claimAuction()` due to push-strategy to transfer assets to multiple bidders

DoS of lenders and gas griefing by packing tokenIdToBorrowingKeys arrays

Incorrect decimal usage in score calculation leads to reduced user reward earnings

A malicious user can avoid unfavorable score updates after alpha/multiplier changes, resulting in accrual of outsized rewards for the attacker at the expense of other users

Prime.sol - User can claim Prime token without having any staked XVS, because his `stakedAt` isn't reset whenever he is issued an irrevocable token.

DoS and gas griefing of calls to Prime.updateScores()

It is possible to DoS all the functions related to some gauge in `GaugeController`

Voters from VotingEscrow can vote infinite times in vote_for_gauge_weights() of GaugeController

If governance removes a gauge, user's voting power for that gauge will be lost.