Token Accounting Mismatch in updateParticipation() function

Weak PRNG in `ERC20Incentive::drawRaffle()`

The incentive contracts are not compatible with rebasing/deflationary/inflationary tokens

Incorrect Calculation of Assets in `getSupplyBalance()` and `getDebtBalance()` inside `PositionBalanceConfiguration.sol`

Repaying function will revert in most cases

setReserveFactor() does not call updateState() before setting new reserveFactor

Denial of Service Vulnerability in Raffle Cancellation Logic

Irreversible Role Assignment in Roles.sol

Number of entities in generation can surpass the 10k number

Discrepancy between nfts minted, price of nft when a generation changes & position of `_incrementGeneration()` inside `_mintInternal()` & `_mintNewEntity()`

Usage of hardcoded 0 as limit in _sellStakedUSDe() function allows for sandwich opportunities.

`minAmountOut` set to 0 in `_redeemPT()` can cause loss of funds through redemption

No deadline protection in functions `earlyExitById()` amd `exitLateById()` can cause bigger penalties or cooldown periods for the user.

Incorrect Updation of _checkpoints[account] in `ZivoeRewardsVesting::revokeVestingSchedule()` can mess up accounting of votes

Potential loss of rewards and incorrect account of _totalSupply if the user executes `withdraw()` before being revoked

On combining loans, the new calculated APR rounds down causing the user to pay less interest

`Vesting.sol::claim()` does not follow CEI making the function susceptible to Reentrancy Attacks.

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

Since you can reroll with a different fighterType than the NFT you own, you can reroll bypassing maxRerollsAllowed and reroll attributes based on a different fighterType

Players have complete freedom to customize the fighter NFT when calling `redeemMintPass` and can redeem fighters of types Dendroid and with rare attributes

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

NFTs can be transferred even if StakeAtRisk remains, so the user's win cannot be recorded on the chain due to underflow, and can recover past losses that can't be recovered(steal protocol's token)

Fighter created by mintFromMergingPool can have arbitrary weight and element