Anyone can steal refunds intended for Solana receivers

GatewayTransferNative can be drained via ETH_ADDRESS token collection bypass

Cross-chain swaps will fail for USDT

On-chain slippage calculation can cause user to lose all funds

ETH refunds are always lost due to incorrect transfer logic in onRevert

Bitcoin refunds in onRevert are sent to uncontrolled EVM Addresses and permanently lost

Bug in AccountEncoder causes wrong Solana account permissions

GatewayTransferNative does not collect platform fee when native asset is bridged

Cross-chain calls from Solana are enabled even when gateway is paused

Abort processing after call originating from Solana will cause loss of funds

Invalid index used to fetch auction's address will prevent any auction from successfully ending

Fee beneficiary can miss collecting the fees due to the broken calculation

Underflow in collateral calculation can cause inability to redeem

Attacker can drain most of the reserves by weaponizing USDC blacklisting