Cross-Chain Signature Replay Attack Due to User-Supplied `domainSeparator` and Missing Deadline Check

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

Users can claim more that their actual allotment

Outdated penalty fee gets charged if the penalty fee has changed since listing

Minting zero tokens when underlyingToken is not Ether in cashIn()

Accumulated ETH in the LamboVEthRouter will be irretrievable

Any fee claim lesser than the total `yieldFeeBalance` as unit of shares is lost and locked in the `PrizeVault` contract