1. Arena Game Contract Vulnerability: Admin `set_token` Function Can Permanently Trap Player Funds
A critical security vulnerability has been identified in the Arena game contract, where an administrative function can permanently lock player deposits mid-game. The `set_token` function, which mutates the underlying `TOKEN_KEY` for the prize pool, lacks essential lifecycle guards. This allows an admin—whether acting a...
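The failure mode described above, as an added plain-Rust model next to a guarded variant; this is not the Arena contract's code. Every name other than `set_token` and `TOKEN_KEY` is hypothetical, and the model assumes payouts are resolved against whatever token the key currently holds.

```rust
// Added model, not the contract's code; names other than set_token/TOKEN_KEY are assumed.
use std::collections::HashMap;

#[derive(PartialEq)]
enum Phase { Setup, Active }

struct Arena {
    token_key: &'static str,           // stands in for TOKEN_KEY
    phase: Phase,
    held: HashMap<&'static str, u64>,  // contract balance per token
}

impl Arena {
    fn new(token: &'static str) -> Self {
        Arena { token_key: token, phase: Phase::Setup, held: HashMap::new() }
    }
    fn deposit(&mut self, amount: u64) {
        self.phase = Phase::Active;
        *self.held.entry(self.token_key).or_insert(0) += amount;
    }
    // Assumption: payouts are resolved against whatever token_key holds right now.
    fn payable(&self) -> u64 { self.held.get(self.token_key).copied().unwrap_or(0) }
    // No lifecycle guard: the token can change while deposits are held.
    fn set_token(&mut self, token: &'static str) { self.token_key = token; }
    // Guarded variant: refuse to change the token while a game is active.
    fn set_token_guarded(&mut self, token: &'static str) -> Result<(), &'static str> {
        if self.phase == Phase::Active { return Err("game in progress"); }
        self.token_key = token;
        Ok(())
    }
}

// Returns (payable after the swap, amount left under the old token).
fn unguarded_swap() -> (u64, u64) {
    let mut a = Arena::new("TOKEN_A");
    a.deposit(100);
    a.set_token("TOKEN_B");
    (a.payable(), a.held.get("TOKEN_A").copied().unwrap_or(0))
}

// Returns (result of the mid-game swap attempt, payable afterwards).
fn guarded_swap() -> (Result<(), &'static str>, u64) {
    let mut a = Arena::new("TOKEN_A");
    a.deposit(100);
    let mid = a.set_token_guarded("TOKEN_B");
    (mid, a.payable())
}

fn main() { println!("{:?} {:?}", unguarded_swap(), guarded_swap()); }
```

In the unguarded run the 100 units stay recorded under the old token while nothing is payable under the new one; the guarded run rejects the change and the deposit remains payable.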