A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

Fighters cannot be minted after the initial generation due to uninitialized `numElements` mapping

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

Minter / Staker / Spender roles can never be revoked`..,

DoS in `MergingPool::claimRewards` function and potential DoS in `RankedBattle::claimNRN` function if called after a significant amount of rounds passed.

Fighter created by mintFromMergingPool can have arbitrary weight and element

Whitelised accounts can be forcefully DoSed from buying curveTokens during the presale

Attack to make ````CurveSubject```` to be a ````HoneyPot````

Unauthorized Access to setCurves Function

Protocol and referral fee would be permanently stuck in the Curves contract when selling a token

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

Theft of holder fees when `holderFeePercent` was positive and is set to zero

Violation of ERC-721 Standard in VerbsToken:tokenURI Implementation

Bidder can use donations to get VerbsToken from auction that already ended.

It may be possible to DoS AuctionHouse by specifying malicious creators

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

Attacker can reenter to mint all the collection supply

Auction winner can prevent payments via `safeTransferFrom` callback

All tokens can be stolen from `VirtualAccount` due to missing access modifier

The peg stability module can be compromised by forcing lowerDepeg to revert.