User can vote twice once the lock duration elapses

Any unclaimed and undistributed bribe rewards are locked in the BribeRewarder contract

The `vote` function does not work in case there is `BribeRewarder` assigned to the pool

`addToPosition` access control can be bypassed

The `fundAndBribe` of `BribeRewarder` is not compatible with fee on transfer tokens

Denial of Service attack for bribe mechanism

Holders array can be manipulated by transferring or burning with amount 0, stealing rewards or bricking certain functions

Malicious users can prevent holders from claiming their rewards during a reward cycle by skipping it.

Withdrawal from NFTs can be temporarily blocked

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

Player can mint more fighter NFTs during claim of rewards by leveraging reentrancy on the `claimRewards() function `

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

Can mint NFT with the desired attributes by reverting transaction