The operator can create a `NativeVault` that can be silently unslashable.

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

FighterFarm:: reroll won't work for nft id greator than 255 due to input limited to uint8

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

On a Linear or Exponential Descending Sale Model, a user that mint on the last `block.timestamp` mint at an unexpected price.

Lenders can escape the blacklisting of their accounts because they can move their MarketTokens to different accounts and gain the WithdrawOnly Role on any account they want

Borrower has no way to update `maxTotalSupply` of `market` or close market.

V3Proxy swapTokensForExactETH does not send back to the caller the unused input tokens

Return value of low level `call` not checked.

`UlyssesToken` asset ID accounting error

Ulysses omnichain - addbridgeagentfactory in rootPort is not functional