`updateParticipation()` will always revert due to wrongly implemented checks or will exceed `maxTokenAmountPerUser`

The calculation of `totalAssets()` could be wrong if `operatorFeeAmount` > 0, this can cause potential loss for the new depositors

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

joining balancer pool may user less than `maxAmountsIn` but `BalancerRouter.sol` is not returning the remaining assets back to the user

Chainlink priceFeed doesn't exist for wstETH/USD or stETH/USD

Excess balancerPoolTokenReceived are not returned back to the user when calling `joinBalancerAndPredeposit()`

`Distributor.sol::claim()` also calculates the shares for cancelled auction.

Attacker can steal all the claimable rewards

A bad actor can front-run the raffle creation process and cancel the raffle before it is created by an admin.

Permanent Fund Locking Vulnerability Due to Inconsistent _lockedETH Updates

Admins Can Manipulate Raffle Odds by Minting Free Tickets by setting themselves as Role1

`mintToken()`, `mintWithBudget()`, and `forge()` in the `TraitForgeNft` Contract Will Fail Due to a Wrong Modifier Used in `EntropyGenerator.initializeAlphaIndices()`

Number of entities in generation can surpass the 10k number

Wrong minting logic based on total token count across generations

Pause and unpause functions are inaccessible

Duplicate NFT generation via repeated forging with the same parent

`Golden God` Tokens can be minted twice per generation

Each generation should have 1 "Golden God" NFT, but there could be 0

Vultisig whitelisting can be bypassed by anyone