Minting zero tokens when underlyingToken is not Ether in cashIn()

Since the cost of launching a new pool is minimal, an attacker can maliciously consume VirtualTokens.

Users won't liquidate positions because the logic used to calculate the liquidator's profit is incorrect

Invalid validation allows users to unlock early

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

Incorrect deployment / missing contract will break functionality

Reward Dilution Vulnerability

Voting Power Retention After Vesting Revocation

The `BURNER` cannot burn tokens from accounts not KYC verified due to the check in `_beforeTokenTransfer`.

Malicious user can stake an amount which causes zero curStakeAtRisk on a loss but equal rewardPoints to a fair user on a win

Since you can reroll with a different fighterType than the NFT you own, you can reroll bypassing maxRerollsAllowed and reroll attributes based on a different fighterType

Fighters cannot be minted after the initial generation due to uninitialized `numElements` mapping

FighterFarm:: reroll won't work for nft id greator than 255 due to input limited to uint8

Minter / Staker / Spender roles can never be revoked`..,

Whitelised accounts can be forcefully DoSed from buying curveTokens during the presale

Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`

onBalanceChange causes previously unclaimed rewards to be cleared

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

If a user sets their curve token symbol as the default one plus the next token counter instance it will render the whole default naming functionality obsolete