[VPD-1247]: Hashdit Audit Mitigations for PrimeV2

[Debugger022]

Summary

• Apply 7 patches from the PrimeV2 preliminary audit done by hashdit (2 Lows + 5 Informationals).
• Cover storage gap, redundant queue removal, boundary validation, reentrancy hardening, and admin foot-gun prevention.
• Tests added for every behaviour change.

Changes

• L02 PrimeLeaderboardStorage: __gap[48] → __gap[45] (50-slot convention).
• L03 PrimeV2.removeMarket: drop redundant _queueScoreUpdates() (precondition guarantees zero score impact; was clobbering in-flight rounds).
• I03 PrimeV2.setMintThreshold: reject non-zero past mintDeadline_ (InvalidDeadline).
• I04 PrimeLeaderboard.xvsUpdated: apply nonReentrant on the only external-call surface.
• I05 PrimeLeaderboard.initializeStakers: reject ts == 0 || ts > block.timestamp (InvalidTimestamp).
• I11 PrimeV2.addMarket: restore V1's post-push _ensureMaxLoops(_allMarkets.length).
• I13 PrimeV2.issue / issueBatch: reject zero-address (matches claimPrime).
• NatSpec updated for all new revert paths.

Test plan

• yarn hardhat compile — clean
• yarn hardhat test tests/hardhat/PrimeV2/ — 191 passing
• Confirm removeMarket no longer wipes legitimate in-flight rounds
• Confirm addMarket reverts atomically when listing would exceed loopsLimit

[claude]

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

_{Tip: disable this comment in your organization's Code Review settings.}

[GitGuru7]

changes LGTM

[fred-venus]

lgtm