`mintToken()`, `mintWithBudget()`, and `forge()` in the `TraitForgeNft` Contract Will Fail Due to a Wrong Modifier Used in `EntropyGenerator.initializeAlphaIndices()`

The maximum number of generations is infinite

Number of entities in generation can surpass the 10k number

Wrong minting logic based on total token count across generations

Forger Entities can forge more times than intended

Pause and unpause functions are inaccessible

Excess ETH from `forgingFee` can get stuck in `EntityForging` under certain situations

Discrepancy between nfts minted, price of nft when a generation changes & position of `_incrementGeneration()` inside `_mintInternal()` & `_mintNewEntity()`

Single plot can be occupied by multiple renters

Failure to Update Dirty Flag in transferToUnoccupiedPlot Prevents Reward Accumulation On Valid Plot

Invalid validation in _farmPlots function allowing a malicious user repeated farming without locked funds

Users can farm on zero-tax land if the landlord locked tokens before the LandManager deployment

`BOLDUpgradeAction.sol` will fail to upgrade contracts due to error in the `perform` function

User funds can be lost in favor of Zeta protocol during a CCTX due to contracts being paused

Disabling outbound transactions is ineffective and allows for Zeta token theft

Possible index out of range in GetVoterIndex could cause ballot to never finalize due to panic

When updating gas, if one chain fails, the others should continue to be updated instead of being skipped.

UpdateSystemContract is not copying gasPriceByChainId state variable to the new upgraded which will halt ZRC20 token withdraw until system contract is updated accordingly

Outbound zEVM cross-chain messages ignore the user-specified gas limit and may fail with an out-of-gas error

User not refunded for failed Zeta gas payment in cross chain transaction

Blacklisted STADIUM_ADDRESS address cause fund stuck in the contract forever

If a winner is blacklisted on any of the tokens they can't receive their funds

Using basis points for percentage is not precise enough for realistic use-cases

Potential loss of value in YieldBox's `depositETHAsset()`

Pre-defined limit is different from the spec.

Reward accounting is incorrect in BathBuddy contract