A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

Since you can reroll with a different fighterType than the NFT you own, you can reroll bypassing maxRerollsAllowed and reroll attributes based on a different fighterType

Players have complete freedom to customize the fighter NFT when calling `redeemMintPass` and can redeem fighters of types Dendroid and with rare attributes

Fighters cannot be minted after the initial generation due to uninitialized `numElements` mapping

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

NFTs can be transferred even if StakeAtRisk remains, so the user's win cannot be recorded on the chain due to underflow, and can recover past losses that can't be recovered(steal protocol's token)

Can mint NFT with the desired attributes by reverting transaction

Burner role can not be revoked

DoS in `MergingPool::claimRewards` function and potential DoS in `RankedBattle::claimNRN` function if called after a significant amount of rounds passed.

Fighter created by mintFromMergingPool can have arbitrary weight and element

Anyone can update the address of the Router in the DcntEth contract to any address they would like to set.

Persistent Contract Call revert prevents finalizing a ballot

Reusing a SALT that has already been used for voting can allow a malicious proposal to pass and compromise the protocol.

Attack to make ````CurveSubject```` to be a ````HoneyPot````

Unauthorized Access to setCurves Function

Multiple Chainlink Price Feeds' timestamps of the latest round data are checked against the same value in `ChainLinkOraclePivot._getLatestRoundData()`