Pending withdrawals prevent safe removal of collateral assets

Design flaw and mismanagement in vault licensing leads to double counting in collateral ratios and positions collateralized entirely with kerosine

Users can get their Kerosene stuck until TVL becomes greater than Dyad's supply

`Auctioneer.auction()` always overwrites first auction's parameters

Blacklisted users allowed to claim USDC

Funds locked due to missing transfer check

Holders array can be manipulated by transferring or burning with amount 0, stealing rewards or bricking certain functions

Malicious user can stake an amount which causes zero curStakeAtRisk on a loss but equal rewardPoints to a fair user on a win

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

NFTs can be transferred even if StakeAtRisk remains, so the user's win cannot be recorded on the chain due to underflow, and can recover past losses that can't be recovered(steal protocol's token)

Burner role can not be revoked