RIPEMD160 precompile crashes with a Cairo exception for some input lengths

Jump in creation code leads to reverting of the starknet transaction

Invalid validation allows users to unlock early

Unable to withdraw Kerosene from `vaultmanagerv2::withdraw` as it expects a `vault.oracle()` method which is missing in Kerosene vaults

Attacker Can Frontruns User's Withdrawals To Make Them Reverts Without Costs

Players have complete freedom to customize the fighter NFT when calling `redeemMintPass` and can redeem fighters of types Dendroid and with rare attributes

FighterFarm:: reroll won't work for nft id greator than 255 due to input limited to uint8

DoS in `MergingPool::claimRewards` function and potential DoS in `RankedBattle::claimNRN` function if called after a significant amount of rounds passed.

Fighter created by mintFromMergingPool can have arbitrary weight and element

Whitelised accounts can be forcefully DoSed from buying curveTokens during the presale

Unauthorized Access to setCurves Function

Protocol and referral fee would be permanently stuck in the Curves contract when selling a token