Unauthorized Reallocation in `NudgeCampaign::handleReallocation` and Reward Disruption Vulnerability in `NudgeCampaign::invalidateParticipations`

Unauthorized Token Transfers Due to Missing Caller Verification in PayWithErc20 function

Reward Rate Skew Due to Permissionless Deposits

Infinite Loop in `_getTokenIn()` Causes Out-of-Gas Revert on Multi-Hop Swaps Blocking leveraged Positions from being opened

Refund Underflow in Swap Refund Logic Leading to Locked Funds

BuyerAgent Batch Purchase Failure Due to Asset Transfer or Approval Revocation

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

TokenManager - Unlimited withdraw

[Low-01] Missing Access Control in `CapitalPool::approve()` Function Allows any User to call it to set Allowance Amount `TokenContract` to `type(uint256).max`.

Incorrect logic for checking isFillPriceValid

`LiquidationBranch::checkLiquidatableAccounts()` executes `for` loop with wrong values, causing array out of bounds to be recovered, the program will not work as expected

A malicious User can DOS all offchain orders making them unexecutable and leaving the protocol in an insolvent state. Also all offchain Trades can also be DOSed for honest parties that do not meet the fillorder requirements (no try and catch)

payable Modifier in TradingAccountBranch::createTradingAccountAndMulticall

UpgradeBranch.sol does not use _disableInitializers()

entryPoint() function cannot be overridden

Incompatibility with Multisig Wallets in `TempleGold::send` Function

Chainlink's `latestRoundData` might return stale or incorrect results

`Keepers` does not implement EIP712 correctly on multiple occasions

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

Can mint NFT with the desired attributes by reverting transaction

Any User can mint any amount of WStETH in the WStETHMock.sol and StETHMock.sol