CultureIndex.sol#dropTopVotedPiece() - Malicious user can manipulate topVotedPiece to DoS the whole CultureIndex and AuctionHouse

The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP

Users can get immediate profit when deposit and redeem in `PerpetualAtlanticVaultLP`

Incorrect initialization of `SecurityCouncilMemberRemovalGovernor` contract

Distribution records can be initialised repeatedly to gain infinite voting power

Inconsistent minting and burning of tokens in `AdvancedDistributor`

`SafeERC20.safeApprove` reverts for changing existing approvals

`CrosschainDistributor._settleClaim` does not pass any relayer fee to the `xcall`

Incorrect amount allocation in `AccountFacet.depositAndAllocateForPartyB`

Validation of Muon signatures can be frontrunned by increasing nonces

Validity of `symbolId` is not checked when creating new quote in the `openPosition` function.

`LibQuote.returnTradingFee` will revert if `feeCollector` has insufficient `balances`

Trading fee is not returned for un-opened positions whose partyB is getting liquidated.

Liquidators can prevent users from making their positions healthy during an unpause

Liquidators can prevent users from making their positions healthy during an unpause

HexUtils.hexStringToBytes32() and HexUtils.hexToAddress() may return incorrect results

Royalty receiver can drain a private pool

`Factory.create`: Predictability of pool address creates multiple issues.

Loss of funds for traders due to accounting error in royalty calculations

Royalty recipients will not get fair share of royalties

An attacker can manipulate the preDepositvePrice to steal from other users.

DoS due to external call failure

createProposal snapshot block can temporarily desync with minApproval / minVotingPower

If the strategy incurs a loss the Active Pool will stop working until the shortfall is paid out entirely

KYCRegistry is susceptible to signature replay attack.

`CashManager.setEpochDuration` functions has inconsistent output.

Placeholder

Battery discharge mechanism doesn't work correctly for first redemption

`saleReceiver` and `feeReceiver` can steal refunds after sale has ended

`OpenEdition.buy()` might revert due to uint overflow when it should work.

ETH will get stuck if all NFTs do not get sold.

Sale contracts can be bricked if any other minter mints a token with an id that overlaps the sale

Use of `payable.transfer()` Might Render ETH Impossible to Withdraw

`CrossChainExecutor` contracts do not update the necessary states for failing transactions.