Incorrect allocation tracking as inconsistent token calculation in `Launch.updateParticipation()`

`FluidLocker::_getUnlockingPercentage()` cause incorrect unlock rate calculations for vesting unlock

Attacker will steal claiming funds from legitimate KYC users

Unable to reclaim votes after collection shutdown cancellation

Failure to account for delayed withdrawals in listing checks leads to incorrect listing validation and asset loss

Incorrect index handling in checkpoint creation leads to incorrect initial checkpoint retrieval and potential DoS

Incorrect tax accounting due to failure in handling liquidation listings in `Listings::relist()`

Incorrect use of `1000` for converting basis points to decimals in `compoundedFactor_` calculation

Liquidity provider loses Liquidity during collection initialization

The attacker will prevent eligible users from claiming the liquidated balance

Failure to delete the listing when it is reserved

Inability to shutdown/sunset a newly registered collection after previous shutdown

Refund logic in `Locker::initializeCollection()` incorrectly handles the return of unused tokens.

Protocol will fail to enforce proper token redemption limits, leading to potential over-redemptions by users.

Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens

Invalid validation allows users to unlock early

Single plot can be occupied by multiple renters

Failure to Update Dirty Flag in transferToUnoccupiedPlot Prevents Reward Accumulation On Valid Plot

in `farmPlots()` an underflow in edge case leading to freeze of funds (NFT)

[H-01] Miscalculation in `_farmPlots` function could lead to a user unable to unstake all NFTs

Invalid validation in _farmPlots function allowing a malicious user repeated farming without locked funds

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal

Players can gain more NFTs benefiting from that past remainder in subsequent locks

Users can farm on zero-tax land if the landlord locked tokens before the LandManager deployment

Create account from `RegistryFactory` contract reverts due to unsorted external `attesters[]`

TempleGold tokens cannot be recovered when a `DaiGoldAuction` ends with 0 bids

Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens

Invalid validation allows users to unlock early

Single plot can be occupied by multiple renters

Failure to Update Dirty Flag in transferToUnoccupiedPlot Prevents Reward Accumulation On Valid Plot

in `farmPlots()` an underflow in edge case leading to freeze of funds (NFT)

[H-01] Miscalculation in `_farmPlots` function could lead to a user unable to unstake all NFTs

Invalid validation in _farmPlots function allowing a malicious user repeated farming without locked funds

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal

Players can gain more NFTs benefiting from that past remainder in subsequent locks

Users can farm on zero-tax land if the landlord locked tokens before the LandManager deployment

Incorrect Fee Distribution: `collectionReferrerShare` Routed to Mint Referrer Instead of Collection Referrer

Excess Funds Not Returned to Sender as Intended in Minting Process

Potential swapping more than the given exact input amount

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

Since you can reroll with a different fighterType than the NFT you own, you can reroll bypassing maxRerollsAllowed and reroll attributes based on a different fighterType

Fighters cannot be minted after the initial generation due to uninitialized `numElements` mapping

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

NFTs can be transferred even if StakeAtRisk remains, so the user's win cannot be recorded on the chain due to underflow, and can recover past losses that can't be recovered(steal protocol's token)

Minter / Staker / Spender roles can never be revoked`..,

Burner role can not be revoked

DoS in `MergingPool::claimRewards` function and potential DoS in `RankedBattle::claimNRN` function if called after a significant amount of rounds passed.

Unauthorized Access to setCurves Function

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

Withdrawing with amount = 0 will forcefully set name and symbol to default and disable some functions for token subject