DoS via `adjustMaker` reverting for below-range (X-only) positions

Cross-Chain Signature Replay Attack Due to User-Supplied `domainSeparator` and Missing Deadline Check

Fragmentation fee is not taken if user compensates with newly created position

User can mint all the maxSupply through Edition::mintBatch

_refundExcess doesn't work as expected in the protocol

_setAcknowledged is not implemented correctly

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

Malicious user can stake an amount which causes zero curStakeAtRisk on a loss but equal rewardPoints to a fair user on a win

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

Since you can reroll with a different fighterType than the NFT you own, you can reroll bypassing maxRerollsAllowed and reroll attributes based on a different fighterType

Player can mint more fighter NFTs during claim of rewards by leveraging reentrancy on the `claimRewards() function `

Fighters cannot be minted after the initial generation due to uninitialized `numElements` mapping

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

CouncilMember::burn is not correctly implemented

Unauthorized Access to setCurves Function

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

If a user sets their curve token symbol as the default one plus the next token counter instance it will render the whole default naming functionality obsolete

User can claim the `initialReleasePct` multiple times until the `cliff` is not passed

The price of rsEHT could be manipulated by the first staker

Attacker can reenter to mint all the collection supply

Bidder Funds Can Become Unrecoverable Due to 1 second Overlap in `participateToAuction()` and `claimAuction()`

`rollLoan` is vulnerable to front-running

Borrower may pay more collateral than expected

lenderAcceptBid can be front-runned