The calculation of `totalAssets()` could be wrong if `operatorFeeAmount` > 0, this can cause potential loss for the new depositors

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

Logical error in `validate_fees_are_paid` can cause a DoS or allow users to bypass fees if `denom_creation_fee` includes multiple coins including `pool_creation_fee` and the user attempts to pay all fees using only `pool_creation_fee`

Multi-token stableswap pools allow 0 liquidity for tokens, creating bricked pools

Spread calculation does not account for swap fees

User is unable to claim their reward for the expanded epochs if farm is expanded

Single sided liquidity can't be used to lock LP tokens in the farm manager

`withdraw_liquidity` lacks slippage protection

Incorrect implementation of the onDropMessage function in the L1ReverseCustomGateway contract

RevertBatch function can lead to two simultaneous challenges, causing various issues

If withdrawalLockBlocks is less than finalizationPeriodSeconds, it can cause incorrect slashing

sequencer cannot be penalized when it is at index 244 in the `stakerSet` of the `L1Staking` contract, which will result in incorrect slashing

Lack of a deadline in the `exitLateById` function can cause an unexpected increase in unlock time and a loss of potential future rewards.

An attacker can manipulate the preDepositvePrice to steal from other users.

`WstEth` derivative assumes a ~1=1 peg of stETH to ETH

First vault depositor can steal other's assets