Unrestricted `notifyRewardAmount` function allows reward manipulation

MergeTgt has no handling if TGT_TO_EXCHANGE is exceeded during the exchange period

Improper Transfer Restrictions on Non-Bridged Tokens Due to Boolean Bridged Token Tracking, Allowing a DoS Attack Vector

Incorrectly using delta currency amount instead of delta token amounts in `updateParticipaion()`

Adversary can win proposals with voting power as low as 4%

Auction will never succeed due to wrong check

Funds might remain locked in `BalancerRouter` when depositing in Balancer pool

The fee is double charged on every `create` or `redeem`

Low TVL and high Leverage Supply will DoS the redeem of Leverage tokens

Balancer LP tokens might be locked inside `BalancerRouter`

Incomplete handling of failed auctions

Redeeming all leverage tokens, will DoS their creation

Rounding will lead to broken invariant.

Incorrect Total Assets Calculation in _harvestAndReport Leading to Share Value Manipulation and Irredeemable Assets

not adding `claimable` balance to the total assets in `_harvestAndReport` can cause losses.

Old router retains token allowance after update

Reputation market will be insolvent, due to incorrect increase of market funds when buying.

Incorrect fee calculation will overcharge users buying votes.

Incorrect calculation of fees in `EthosVouch` will cause partial loss of user's principle

Missing slippage protection on `sellVotes()`

Attacker can steal tokens intended for KYC-verified address

Users using `withdraw,` will receive more funds than the ones using `redeem`

Deleted address will still have full control over the profile.

Upgrades might cause storage collision

Users are unable to claim in more than 1 epoch.

Unaccounted protocol fee will lead to funds getting locked

`FjordAuction` incorrect `block.timestamp` check allows users to bid after calling `auctionEnd` to claim more tokens than they should

Attacker can abuse `cancelRaffle` to DoS the protocol

`refundPlayers()` will prevent Admin from withdrawing assets

TokenManager - Unlimited withdraw

`mintToken()`, `mintWithBudget()`, and `forge()` in the `TraitForgeNft` Contract Will Fail Due to a Wrong Modifier Used in `EntropyGenerator.initializeAlphaIndices()`

The maximum number of generations is infinite

Pause and unpause functions are inaccessible

Discrepancy between nfts minted, price of nft when a generation changes & position of `_incrementGeneration()` inside `_mintInternal()` & `_mintNewEntity()`