Possible scenario for Signature Replay Attack

DOS risk if enough tokens are minted in Quest.claim can lead, at least, to transaction fee lost

Attacker can gain control of counterfactual wallet

SmartAccount.sol is intended to be upgradable but inherits from contracts that contain storage and no gaps

methods used by EntryPoint has `onlyOwner` modifier

AVAX Assigned High Water is updated incorrectly

Cancellation of minipool may skip MinipoolCancelMoratoriumSeconds checking if it was cancelled before

State Transition: Minipools can be created using other operator's AVAX deposit via recreateMinipool

`requireNextActiveMultisig` will always return the first enabled multisig which increases the probability of stuck minipools

Coding logic of the contract upgrading renders upgrading contracts impractical