Vanguard

First Flight #56
Beginner Friendly, DeFi, Foundry
Submission Details
Impact: high
Likelihood: high

Per-Address State Reset Logic Is Broken


_resetPerAddressTracking() fails to reset any user's account, so legitimate users remain penalized in later phases

Description

  • During a phase transition (Phase 1 → Phase 2 → Phase 3), the hook is intended to reset all per-address anti-bot tracking so that users start each phase with fresh limits and cooldowns.


  • The _resetPerAddressTracking() function does not reset per-address state. Instead, it only zeroes mappings for address(0), leaving all real user state untouched. As a result, swap limits and cooldown penalties persist across phases, contradicting the intended design and causing users to be unfairly penalized in later phases.

function _resetPerAddressTracking() internal {
    addressSwappedAmount[address(0)] = 0;
    addressLastSwapBlock[address(0)] = 0;
    // @> No iteration or global reset of actual user addresses
}

Risk

Likelihood:

  • Occurs on every phase transition after launch

  • Affects all users who traded in an earlier phase

Impact:

  • Legitimate users remain penalized in later phases

  • Phase-based market relaxation fails, breaking launch fairness guarantees

Proof of Concept

  1. User swaps during Phase 1 and accumulates addressSwappedAmount

  2. Phase transitions to Phase 2

  3. _resetPerAddressTracking() executes

  4. User’s addressSwappedAmount remains unchanged

  5. User immediately receives penalty fees in Phase 2
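
The steps above as a self-contained Solidity model. This is an added example, not the audited hook or the submitter's code: the contract name, `recordSwap`, `advancePhase` and `proofOfConcept` are hypothetical, and the swap accounting is an assumed simplification.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: a minimal model of the tracking state, not the audited hook.
// recordSwap, advancePhase and proofOfConcept are hypothetical names.
contract PhaseTrackingModel {
    uint256 public currentPhase = 1;
    mapping(address => uint256) public addressSwappedAmount;
    mapping(address => uint256) public addressLastSwapBlock;

    // Assumed stand-in for the hook's per-swap accounting.
    function recordSwap(address user, uint256 amount) public {
        addressSwappedAmount[user] += amount;
        addressLastSwapBlock[user] = block.number;
    }

    // Same body as the function quoted in the finding.
    function _resetPerAddressTracking() internal {
        addressSwappedAmount[address(0)] = 0;
        addressLastSwapBlock[address(0)] = 0;
    }

    // Assumed stand-in for the phase transition that triggers the reset.
    function advancePhase() public {
        currentPhase += 1;
        _resetPerAddressTracking();
    }

    // Walks steps 1-4 and returns the user's tracked amount before and after the transition.
    function proofOfConcept(address user, uint256 amount)
        external
        returns (uint256 beforeReset, uint256 afterReset)
    {
        recordSwap(user, amount);                 // step 1
        beforeReset = addressSwappedAmount[user];
        advancePhase();                           // steps 2 and 3
        afterReset = addressSwappedAmount[user];  // step 4
        // Holds because only the address(0) slots were cleared; for a non-zero
        // amount this would revert if the reset had reached real users.
        assert(afterReset == beforeReset);
    }
}
```

Solidity mappings cannot be enumerated, so a reset function has no way to visit every user's slot unless the keys are tracked separately.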


Recommended Mitigation

-addressSwappedAmount[address(0)] = 0;
-addressLastSwapBlock[address(0)] = 0;
+mapping(address => uint256) public lastActvePhase;
+function _getUserSwappedAmount(address user) internal view returns (uint256) {
+ if (lastActivePhase[user] != currentPhase) {
+ return 0; + }
+ return addressSwappedAmount[user];
+}
+function _getUserLastSwapBlock(address user) internal view returns (uint256) {
+ if (lastActivePhase[user] != currentPhase) {
+ return 0;
+ }
+ return addressLastSwapBlock[user];
+}
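
Review bot: the new mapping is declared as `lastActvePhase`, but both getters read `lastActivePhase`, so the patch does not compile as written; rename the declaration to match. Nothing in these lines writes `lastActivePhase[user]`, so the fix is incomplete until the swap path sets `lastActivePhase[user] = currentPhase` and, when the stored phase is stale, overwrites `addressSwappedAmount[user]` and `addressLastSwapBlock[user]` instead of building on the old values. The existing reads of the two mappings also need to be routed through `_getUserSwappedAmount` and `_getUserLastSwapBlock`, otherwise the stale values are still used. Two smaller points: removing the two assignments leaves `_resetPerAddressTracking()` with an empty body, which should either be deleted or documented, and `return 0; + }` in the first getter looks like two diff lines run together.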
