A buyer with a high fee rate will cause a loss of funds for the seller

Loss of accrued rewards on `stake()` and `unstake()`

An attacker will prevent reward accrual for all stakers.

`WStable::mint` uses `previewMint` instead of `previewRedeem` when depositing vault shares

`PendlePTRouter` will cause denial of service for users swapping non-compliant ERC20 tokens

Inconsistent balance accounting in stETH deposits leads to DOS of core functions and reward loss

Same heartbeat for multiple price feeds is vulnerable

Incorrect transfer size validation after time window reset can lead to rebalancing DoS

`wrapAndSupplyOnExtensionMarket` fails to forward `msg.value` causing transaction reverts when ETH is required

Improper address validation allows unauthorized refund claims via `claimRefund` bypassing `bots` mapping

Bypass of asset verification in `GatewayTransferNative::withdrawToNativeChain` enables theft of contract-held tokens via malicious ZRC20 message payload

Fee deduction logic mismatch causes incorrect amount processing in `GatewayTransferNative::onCall`

Griefing vulnerability via external ID collision in `GatewayCrossChain::onCall` leading to refund data overwrite

Any use can extend the state.periodFinish