Updating paritcipations breaks the system

There is no refund mechanism in `ChakraSettlement.processCrossChainCallback` or `ChakraSettlementHandler.receive_cross_chain_callback` function

`ChakraSettlement.receive_cross_chain_msg` and `ChakraSettlement.receive_cross_chain_callback` functions do not ensure that receiving `ChakraSettlement` contract's `contract_chain_name` must match `to_chain` corresponding to respective `txid` input though

Anyone can manipulate user nonce (nonce_manager) in settlement contract

SettlementSignatureVerifier is missing check for duplicate validator signatures

In Starknet already processed messages can be re-submitted and by anyone

handler's `receive_cross_chain_callback()` will always set the tx_status to `SETTLED` on source chain & burn the tokens (MintBurn Mode) even when the msg fails on destination

A cross-chain message can be initiated with invalid parameters

`mintToken()`, `mintWithBudget()`, and `forge()` in the `TraitForgeNft` Contract Will Fail Due to a Wrong Modifier Used in `EntropyGenerator.initializeAlphaIndices()`

Number of entities in generation can surpass the 10k number

Forger Entities can forge more times than intended

Pause and unpause functions are inaccessible

NFTs mature too slowly under default settings.

Duplicate NFT generation via repeated forging with the same parent

Discrepancy between nfts minted, price of nft when a generation changes & position of `_incrementGeneration()` inside `_mintInternal()` & `_mintNewEntity()`

Incorrect check against golden entropy value in the first two batches

Incompatibility with Multisig Wallets in `TempleGold::send` Function

Not upadting `_totalAuctionTokenAllocation` when removing last auction config at cooldown leads to wrong accounting of `_totalAuctionTokenAllocation` and permanent lock of auction tokens

Incosistent message generation in TempleTeleporter.quote() and TempleTeleporter.teleport() results in inaccurate required fee calculation by TempleTeleporter.quote()

Incorrect templeGold minting due to unresolved accumulation in `TempleGold::setVestingFactor`

Incorrect implementation of storage gaps in Midas contracts

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal

`accPointsPerShare` can reach a very large value leading to overflows

`SophonFarming.updatePool` doesn't check if the farming has started

`executeWithdraw` may be blocked if any of the users are blacklisted from the `baseToken`

Attacker can increase the length of `withdrawQueue` by withdrawing 0 amount of tokens frequently

Incorrect modifier condition

Mint referral fee is stolen by the collection referral

`Edition.mintBatch()` will revert for batches with more than one tokens

`Edition.supportsInterface` is not EIP1155 compliant

`Edition._refundExcess()` will not refund user funds

`TitlesGraph` signatures are malleable

The `Vesting` contract can be drained because of a reentrancy in its `claim` function

Max allocations can be bypassed with multiple addresses because of guaranteed allocations

Claiming native tokens in `Vesting` does not work

Blocklisted investors can still claim USDC in `TokenSale.sol`

Blacklisting functionality can be completely bypassed by sandwiching the transaction

Not all ERC20 tokens can be bridged because of hardcoded `PREDICATE_ADDRESS`

When `DecentBridgeExecutor.execute` fails, funds will be sent to a random address

Due to missing checks on minimum gas passed through LayerZero, executions can fail on the destination chain

Anyone can update the address of the Router in the DcntEth contract to any address they would like to set.

DecentEthRouter.sol#_bridgeWithPayload() - Any refunded ETH (native token) will be refunded to the DecentBridgeAdapter, making them stuck

Migration done on unaccessable users will result in a loss of their rewards

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

Attacker can reenter to mint all the collection supply

Multiple mints can brick any form of `salesOption` 3 mintings

Adversary can block `claimAuction()` due to push-strategy to transfer assets to multiple bidders

getPrice `salesOption` 2 can round down to the lower barrier, skipping the last time period

Auction winner can prevent payments via `safeTransferFrom` callback

Lenders can escape the blacklisting of their accounts because they can move their MarketTokens to different accounts and gain the WithdrawOnly Role on any account they want

Borrower has no way to update `maxTotalSupply` of `market` or close market.

Borrower can drain all funds of a sanctioned lender

Function WildcatMarketController.setAnnualInterestBips allows for values outside the factory range

`create2WithStoredInitCode()` does not revert if contract deployment failed

Incorrect source address decoding in RootBridgeAgent and BranchBridgeAgent's _requiresEndpoint breaks LayerZero communication

_hasVoiceCreditsLeft check is not working

Vote inflation due to incorrect accounting

Funds can be trapped in the vault strategy

Distribution not possible in some cases

Sandwich attack to steal all ERC-20 tokens in the Fees contract

Zero address leads to transaction reverts

Loan can be seized during an auction

Unnecessary If condition in update() of Staking.sol