MergeTgt has no handling if TGT_TO_EXCHANGE is exceeded during the exchange period

The user can send tokens to any address by using two bridge transfers, even when transfers are restricted.

Improper Transfer Restrictions on Non-Bridged Tokens Due to Boolean Bridged Token Tracking, Allowing a DoS Attack Vector

`FjordAuction` incorrect `block.timestamp` check allows users to bid after calling `auctionEnd` to claim more tokens than they should

Lack of Comprehensive Pausability for Critical Functions

A bad price can be delivered in ChainlinkARBOracle

USDC is not valued correctly in case of a depeg, which causes a loss of funds

The `digest` calculation in `deployProxyAndDistributeBySignature` does not follow EIP-712 specification

Malicious/Compromised organiser can reclaw all funds, stealing work from supporters

If a winner is blacklisted on any of the tokens they can't receive their funds

Centralization Risk for trusted organizers

Using basis points for percentage is not precise enough for realistic use-cases

Sandwich attack to steal all ERC-20 tokens in the Fees contract

Single-step process for critical ownership transfer is risky

There is no incentive to liquidate small positions