Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

`SecondSwap_Marketplace` vesting listing order affects how much the vesting buyers can claim at a given step

Minting zero tokens when underlyingToken is not Ether in cashIn()

SettlementSignatureVerifier is missing check for duplicate validator signatures

`Golden God` Tokens can be minted twice per generation

Discrepancy between nfts minted, price of nft when a generation changes & position of `_incrementGeneration()` inside `_mintInternal()` & `_mintNewEntity()`

BribeRewarder::fundAndBribe will always revert if fee on transfer tokens are used as rewarder main token

Vultisig whitelisting can be bypassed by anyone

Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens

[H-1] Incorrect `lossFee` Calculation in `GasProcess::processExecutionFee` to Resulting in Keeper's Financial Loss

Incorrect modifier condition

[M2] `Edition::mintBatch` will revert if you try to mint more than 1 NFTs

[M-1] `TitlesGraph::_setAcknowledged` does not change the state variable correctly

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

Unable to withdraw Kerosene from `vaultmanagerv2::withdraw` as it expects a `vault.oracle()` method which is missing in Kerosene vaults