Inconsistent balance accounting in stETH deposits leads to DOS of core functions and reward loss

Same heartbeat for multiple price feeds is vulnerable

Improper address validation allows unauthorized refund claims via `claimRefund` bypassing `bots` mapping

Bypass of asset verification in `GatewayTransferNative::withdrawToNativeChain` enables theft of contract-held tokens via malicious ZRC20 message payload

Fee deduction logic mismatch causes incorrect amount processing in `GatewayTransferNative::onCall`

Griefing vulnerability via external ID collision in `GatewayCrossChain::onCall` leading to refund data overwrite

Any use can extend the state.periodFinish