Block: 25

Author: Immunefi


Distribute Earnings

#order

#erc721

Hint

You should be very familiar with ERC721Enumerable to understand the potential vulnerability here.

Answer

Sending the token in an owner's receive() function will trigger _beforeTokenTransfer, which will move the index to the last place in the ownedTokenOwners index. Sending each of your tokens to a different receiver should allow an owner to be double rewarded. So essentially: .call over, say, the 0th item => owner's receive() => owner sends to any non-owner address => the indexOf that token is now at the length - 1 position => last token before .call will identify that as the owner.
