Invalid validation allows users to unlock early

Single plot can be occupied by multiple renters

Players can gain more NFTs benefiting from that past remainder in subsequent locks

Incompatibility with Multisig Wallets in `TempleGold::send` Function

Incosistent message generation in TempleTeleporter.quote() and TempleTeleporter.teleport() results in inaccurate required fee calculation by TempleTeleporter.quote()

Improper Domain Separator Hash in _domainSeparatorV4() Function

Invalid validation allows users to unlock early

Single plot can be occupied by multiple renters

Players can gain more NFTs benefiting from that past remainder in subsequent locks

SablierV2Lockup is not EIP4906 compliant.

Availability of deposit invariant can be bypassed

Highest bidder can cancel his bids and withdraw all the collateral using ``_cancelAllBids()`` function.

Fighters cannot be minted after the initial generation due to uninitialized `numElements` mapping

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

Minter / Staker / Spender roles can never be revoked`..,

Use custom gas in `sendMintMessage` instead of default gas

Do not hardcode `_zroPaymentAddress` field to `address(0)`

Rewards can be drained because of lack of access control

Missing deadline check allow pending transactions to be maliciously executed

`costInEuros` calculation will incur precision loss due to division before multiplication

A malicious lender can call ``rollLoan()`` himself to increase ``borrowers`` loan repay amount.

A malicious lender can front-run ``rollLoan()`` to set additional ``duration_`` to 1 and ``interest_`` very high.

If a winner is blacklisted on any of the tokens they can't receive their funds

Centralization Risk for trusted organizers

Organizers are not incentivized to deploy and distribute to winners causing that winners may not to be rewarded for a long time and force the protocol owner to manage the distribution

Borrower can bypass maxLoanRatio's configuration of a pool via buyLoan()

[H-04] Lender#buyLoan - Malicious user could take over a loan for free without having a pool because of wrong access control

Attacker can steal a loan's collateral and break the protocol

Zero address leads to transaction reverts

Lender fails to giveLoan because of inconsistent length between `loadIds` and `poolIds`

Missing Events Emitting

No use of Ownable in Staking contract.

Use do while loops instead of for loops.

MaxLoanRatio is not configured properly.

Chainlink oracle will return the wrong price if the aggregator hits `minAnswer`

Lack of events for critical actions

Double checks

[G-01] - Use `do-while` loop instead of `for-loop` to save users gas cost.

Lack of proper event emission at resolveDispute function.

Use Constants instead of Enum

Incomplete, incorrect or ambiguous comments

Reentrancy guard and nonReentrant modifier not required.