Buyer doesn't receive NFT that they should get in `buyOrder.sellNFT()`

Frontrunning `rewardValidators()` for instant rewards

Validator cannot set new address if more than 300 unstakes in it's array

Array swap and pop method during burn() leads to complete loss of user rewards and breaks mint()

Unauthorized Access to setCurves Function

onBalanceChange causes previously unclaimed rewards to be cleared

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

Looping over unbounded `pendingStakes` array can lead to permanent DoS and frozen funds

Anyone with TST tokens can monitor the mempool and frontrun mint/burn functions to get EUROs rewards without even staking.

Incorrectly set `version` for `SmartVaultV3` breaks off-chain integration

Bidder can use donations to get VerbsToken from auction that already ended.