Brief audit of `prizes.ride` + `nfts.ride`

[deemru]

• [ ] LOW: args should be checked against , https://github.com/Tsunami-Exchange/tsunami-contracts/blob/061ffa89f2ca8bb57ade97324bfc55f0581630cc/contracts/ride/nfts.ride#L99 https://github.com/Tsunami-Exchange/tsunami-contracts/blob/061ffa89f2ca8bb57ade97324bfc55f0581630cc/contracts/ride/nfts.ride#L54
• [ ] LOW: _type overriding possible https://github.com/Tsunami-Exchange/tsunami-contracts/blob/061ffa89f2ca8bb57ade97324bfc55f0581630cc/contracts/ride/nfts.ride#L101
• [ ] LOW: 0 amount is valid https://github.com/Tsunami-Exchange/tsunami-contracts/blob/061ffa89f2ca8bb57ade97324bfc55f0581630cc/contracts/ride/nfts.ride#L115
• [ ] MEDIUM: name length limits (16) not controlled anywhere so can be not enough for example when you reach # 1000 https://github.com/Tsunami-Exchange/tsunami-contracts/blob/061ffa89f2ca8bb57ade97324bfc55f0581630cc/contracts/ride/nfts.ride#L132
• [ ] LOW: _signature not controlled by timestamp (valid forever) https://github.com/Tsunami-Exchange/tsunami-contracts/blob/061ffa89f2ca8bb57ade97324bfc55f0581630cc/contracts/ride/prizes.ride#L63-L71
• [ ] MEDIUM: the same separator can be a security concern https://github.com/Tsunami-Exchange/tsunami-contracts/blob/061ffa89f2ca8bb57ade97324bfc55f0581630cc/contracts/ride/prizes.ride#L65-L67 https://github.com/Tsunami-Exchange/tsunami-contracts/blob/061ffa89f2ca8bb57ade97324bfc55f0581630cc/contracts/ride/prizes.ride#L77-L78
• [ ] MEDIUM: the most secure way in dapp-to-dapp environment is to "spent" a _signature at the beginning of the function (by self invoke) before any other dapp-to-dapp function calls https://github.com/Tsunami-Exchange/tsunami-contracts/blob/061ffa89f2ca8bb57ade97324bfc55f0581630cc/contracts/ride/prizes.ride#L118
• [ ] TRIVIAL: it is assetIdOrMintType https://github.com/Tsunami-Exchange/tsunami-contracts/blob/061ffa89f2ca8bb57ade97324bfc55f0581630cc/contracts/ride/prizes.ride#L85