Arena Smart Contract Vulnerability: Admin Can Switch Reward Token Mid-Game, Risking User Funds

A critical security flaw has been identified in the Arena smart contract's administrative `set_token` function. The vulnerability allows a contract admin to instantly change the address of the reward or stake token at any time, without regard for the current state of active games. This creates a direct risk where players who have staked one token (Token A) could find their ability to claim winnings compromised if the admin switches the contract to a different token (Token B) before a round concludes.

The issue resides in `contract/arena/src/lib.rs`. The function's lack of state validation means a token switch could cause players' `claim` transactions to fail entirely or, more dangerously, attempt to drain an incorrect token pool. This could effectively brick users' ability to retrieve their staked funds or earned rewards, representing a significant smart contract vulnerability.

The proposed solution is to constrain the `set_token` function's power. It should only be callable before the first game round begins or, more robustly, when the protocol's `total_staked` balance is strictly zero, ensuring no active player funds are at risk. Acceptance criteria for a fix include gating the function behind this zero-stake check and implementing comprehensive tests to validate the new safeguards.