`WinnablesTicketManager::refundPlayers` function not decrementing the `_lockedETH` will result in reduced balance admin can withdraw for token sales.

`WinnablesTicketManager::cancelRaffle` function allowing anyone to cancel a Raffle when it is in `PRIZE_LOCKED` state leads to DoS to create a raffle via `createRaffle`

`_sendCCIPMessage` not validating destination contract and chain selector allows users to pass arbitrary values and leads to message not being delivered to desired contract, which further leads to multiple issues.

`Roles::_setRole` doesn't consider the `status`, prevents admins to remove roles.