Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens

Flawed bid cancellation logic allows user to win auction with 100% certainty without even spending any money

Reentrancy when claiming vesting funds allows attacker to steal all other users' funds

No way for vesting contract to receive native funds to pay out to users

Partial withdrawals to operator delegator are bricked due to low-level call gas limit

Attacker can front-run rewards distribution to be awarded unfairly which decreases the yield for honest users

Minting formula does not subtract pending withdrawals

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

Since you can reroll with a different fighterType than the NFT you own, you can reroll bypassing maxRerollsAllowed and reroll attributes based on a different fighterType

Players have complete freedom to customize the fighter NFT when calling `redeemMintPass` and can redeem fighters of types Dendroid and with rare attributes

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

Can mint NFT with the desired attributes by reverting transaction

Constraints of dailyAllowanceReplenishTime and allowanceRemaining during mint() can be bypassed by using alias accounts & safeTransferFrom()

Fighter created by mintFromMergingPool can have arbitrary weight and element

No proposal time limit traps sponsors of unpopular proposals

SALT staker can get extra voting power by simply unstaking their xSALT

Creation of token whitelisting proposals can be DOS'd

Whitelised accounts can be forcefully DoSed from buying curveTokens during the presale

Attack to make ````CurveSubject```` to be a ````HoneyPot````

Unauthorized Access to setCurves Function

Protocol and referral fee would be permanently stuck in the Curves contract when selling a token

Selling will be bricked if all other tokens are withdrawn to ERC20 token

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

If a user sets their curve token symbol as the default one plus the next token counter instance it will render the whole default naming functionality obsolete

Users staking via the `SurplusGuildMinter` can be immediately slashed when staking into a gauge that had previously incurred a loss

Incompatibility With Fee-On-Transfer Tokens

Front-Running rollLoan With newTermsForRoll Forces High Interest Rate on Loan

No Access Control Modifier for rollLoan() can Force Borrower to Default and Lose Collateral