Any token a user approves to the Blueprint contract can be stolen using the payWithERC20 function

currencyAmount is wrongly used to track and update tokenAmount in UpdateParticipation

generateOrderId's current implementation can lead to duplicated OrderIDs

Consensus Mechanism Allows Participation Of Voters With Insufficent Stake

Some reward Tokens will get stuck in the contract due to amountPerEpoch division remainder not being accounted for

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

TokenManager - Unlimited withdraw

Native token withdrawal fails until manually approved

Unnecessary balance checks and precision issues in TokenManager::_transfer

[Low-01] Missing Access Control in `CapitalPool::approve()` Function Allows any User to call it to set Allowance Amount `TokenContract` to `type(uint256).max`.

_disableInitializers is missing in Bridge’s constructor

`mintToken()`, `mintWithBudget()`, and `forge()` in the `TraitForgeNft` Contract Will Fail Due to a Wrong Modifier Used in `EntropyGenerator.initializeAlphaIndices()`

Griefing attack on seller's airdrop benefits

Pause and unpause functions are inaccessible

Discrepancy between nfts minted, price of nft when a generation changes & position of `_incrementGeneration()` inside `_mintInternal()` & `_mintNewEntity()`

Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens

[H-01] Miscalculation in `_farmPlots` function could lead to a user unable to unstake all NFTs

Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens

[H-01] Miscalculation in `_farmPlots` function could lead to a user unable to unstake all NFTs

Any User can mint any amount of WStETH in the WStETHMock.sol and StETHMock.sol

`ArtPiece.totalVotesSupply` and `ArtPiece.quorumVotes` are incorrectly calculated due to inclusion of the inaccessible voting powers of the NFT that is being auctioned at the moment when an art piece is created

CultureIndex.sol#dropTopVotedPiece() - Malicious user can manipulate topVotedPiece to DoS the whole CultureIndex and AuctionHouse