`AccountingManager::resetMiddle` will not behave as expected

A Vault can steal all funds from another Vault through the Registry's flash loan contract due to insufficient access control in `Connector.sendTokensToTrustedAddress()`

`PendleConnector` incorrectly sends the redeemed `PT` tokens to the market instead of the

Loss of funds in `PendleConnector.depositIntoMarket()`

`executeWithdraw` may be blocked if any of the users are blacklisted from the `baseToken`

Withdrawals in AccountManager are prone to DOS attacks.

The total deposit amount limit in `AccountingManager.sol` can be bypassed

Incorrect modifier condition

Balancer flashloan contract can be DOSed completely by sending 1 wei to it

Malicious user can stake an amount which causes zero curStakeAtRisk on a loss but equal rewardPoints to a fair user on a win

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

Since you can reroll with a different fighterType than the NFT you own, you can reroll bypassing maxRerollsAllowed and reroll attributes based on a different fighterType

Players have complete freedom to customize the fighter NFT when calling `redeemMintPass` and can redeem fighters of types Dendroid and with rare attributes

Player can mint more fighter NFTs during claim of rewards by leveraging reentrancy on the `claimRewards() function `

Fighters cannot be minted after the initial generation due to uninitialized `numElements` mapping

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

NFTs can be transferred even if StakeAtRisk remains, so the user's win cannot be recorded on the chain due to underflow, and can recover past losses that can't be recovered(steal protocol's token)

Minter / Staker / Spender roles can never be revoked`..,

Fighter created by mintFromMergingPool can have arbitrary weight and element

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

Attacker can reenter to mint all the collection supply

Auction winner can prevent payments via `safeTransferFrom` callback

Redeeming a Settlement won't work for unsigned messages when the communicating dApps have different addresses on the different chains

All tokens can be stolen from `VirtualAccount` due to missing access modifier

QV strategy missing allocators voiceCredits update

QV Strategy has no receive() function

QV strategy allocate() and distribute() can be called in the same block

QV strategy wrong `voiceCreditsCastToRecipient` update calculations

RFP strategy reverts when there is more than 1 milestone

RFP strategy register always reverts if using registry Anchor

Allo pool funding can avoid paying percent fee

Upgraded Q -> 2 from #345 [1678798666534]

Upgraded Q -> 2 from #345 [1678798679676]