L-1: Solidity pragma should be specific, not wide

Consider using a specific version of Solidity in your contracts instead of a wide version. For example, instead of pragma solidity ^0.8.0;, use pragma solidity 0.8.0;

L-2: PUSH0 is not supported by all chains

Solc compiler version 0.8.20 switches the default target EVM version to Shanghai, which means that the generated bytecode will include PUSH0 opcodes. Be sure to select the appropriate EVM version in case you intend to deploy on a chain other than mainnet like L2 chains that may not support PUSH0, otherwise deployment of your contracts will fail.

L-3: Using ERC721::_mint() can be dangerous

Using ERC721::_mint() can mint ERC721 tokens to addresses which don't support ERC721 tokens. Use _safeMint() instead of _mint() for ERC721.

L-4: prb-math not audited

The library [prb-math documents](// https://github.com/hifi-finance/prb-math#security) have not been audited by a security researcher. This means its more risky to rely on this library.

Recommend considering (crowdsourcing) an audit for prb-math.

L-5: Critical admin transfer should be two step process.

It's an excellent idea to utilize the concept of Ownable2Step. Ownable2Step inherits from Ownable and overrides the function transferOwnership() to designate the new owner as 'pending.' Subsequently, the receiver must invoke acceptOwnership() to complete the transfer. This approach guarantees that only an address with access to its private keys or control of the smart contract address can assume control of the smart contract.