The `userBorrowedAssets` array is incorrectly updated during borrow repayments.

`seizeTokens` are calculated with incorrect exchange rate during cross-chain liquidations.

Accrued rewards not reset to zero after claim

supply and redeem functions are using outdated exchangeRate.

Wrong amount of borrow will be repaid by liquidator during cross-chain liquidation

Incorrect ltoken address used in cross-chain liquidation success message causes liquidation failure

During cross-chain borrow repayments/liqudations same-chain borrows are accidentally being cleared

cross-chain borrows are stored with reversed srcEid and destEid, causing them to be ignored in debt calculations

A malicious user can withdraw his collateral in between a cross-chain borrow.

cross-chain liquidators can steal funds without actually repaying debt

No way to withdraw protocol rewards for the admin

Incorrect LEND reward accounting.

Incorrect borrow accounting due to missing interest accrual on cross-chain borrows

Incorrect cross-chain collateral lookup in liquidation success handler causes revert

Healthy positions will be liquidated due to wrong liquidation check

Cross-chain liquidations will be blocked due to incorrect maxLiquidatable amount calculation.

Invariant in borrowWithInterest can be violated causing DoS

Interest for cross-chain borrow is calculated with wrong index.

Incorrect LEND reward distribution for cross-chain borrows

Incorrect liquidity check during cross-chain borrows leads to bad debt

CoreRouter must use a lower LTV than Compound to prevent liquidations and accounting failure

Borrower will loose funds if their repay transaction executes after cross-chain liquidation call

Incorrect borrow amount calculation leads false liquidations.

Incorrect calculations of allowed liquidatable amount

Incorrect liquidity check on destination chain.

An attacker can drain NumaVault right after deployment

cLST market can be drained using a fake collateral token address in leverageStrategy function

leverageStrategy will revert due users interest rate accrual

Precision loss in setMaxSpotOffsetBps function leads to Incorrect Numa Prices

No slippage check for leverageStrategy function

Numa tokens fee on transfer can be bypassed

`Tokens` Are Automatically Whitelisted Upon Creation And Binding Even When `_whiteListEnabled == false`

The Bridging Process will revert if the Collection is matched on the destination chain and not matched on the source chain

Infinite loop breaks whitelist removal funtionality on L2

`Bridge` is unable to transfer ownership and upgrade on `ERC721Bridgeable`

Starknet tokens deposited with use_withdraw_auto can never be withdrawn

Tokens irrecoverable by owner on L1 if not an `ERC721` receiver

Upon the transfer of an escrowed NFT from the bridge to the user on StarkNet, the escrow status remains unaltered, failing to be reset

The amount of `xezETH` in circulation will not represent the amount of `ezETH` tokens 1:1

Withdrawals logic allows MEV exploits of TVL changes and zero-slippage zero-fee swaps

Incorrect calculation of queued withdrawals can deflate TVL and increase ezETH mint rate

stETH/ETH Feed being used opens up to 2 way deposit<->withdrawal arbitrage

Deposits will always revert if the amount being deposited is less than the bufferToFill value

Lack of slippage and deadline during withdraw and deposit

Permit is supported by `JalaRouter02` not implemented in `JalaERC20`

Instant arbitrage oppurtunity in OracleMaker

Incorrect premium calculation in OracleMaker