The highest bidder can get auctioned the NFT for free by canceling their bid and closing the auction.

Calling `claimDeposit` after `requestDeposit` in the current epoch will lead the user to lose access to their deposits.

Wrong global lending limit check in `_deposit` function

Holders array can be manipulated by transferring or burning with amount 0, stealing rewards or bricking certain functions

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

Since you can reroll with a different fighterType than the NFT you own, you can reroll bypassing maxRerollsAllowed and reroll attributes based on a different fighterType

Fighters cannot be minted after the initial generation due to uninitialized `numElements` mapping

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

Minter / Staker / Spender roles can never be revoked`..,