An attacker can drain NumaVault right after deployment

cLST market can be drained using a fake collateral token address in leverageStrategy function

leverageStrategy will revert due users interest rate accrual

Precision loss in setMaxSpotOffsetBps function leads to Incorrect Numa Prices

No slippage check for leverageStrategy function

Numa tokens fee on transfer can be bypassed

`Tokens` Are Automatically Whitelisted Upon Creation And Binding Even When `_whiteListEnabled == false`

The Bridging Process will revert if the Collection is matched on the destination chain and not matched on the source chain

Infinite loop breaks whitelist removal funtionality on L2

`Bridge` is unable to transfer ownership and upgrade on `ERC721Bridgeable`

Starknet tokens deposited with use_withdraw_auto can never be withdrawn

Tokens irrecoverable by owner on L1 if not an `ERC721` receiver

Upon the transfer of an escrowed NFT from the bridge to the user on StarkNet, the escrow status remains unaltered, failing to be reset

The amount of `xezETH` in circulation will not represent the amount of `ezETH` tokens 1:1

Withdrawals logic allows MEV exploits of TVL changes and zero-slippage zero-fee swaps

Incorrect calculation of queued withdrawals can deflate TVL and increase ezETH mint rate

stETH/ETH Feed being used opens up to 2 way deposit<->withdrawal arbitrage

Deposits will always revert if the amount being deposited is less than the bufferToFill value

Lack of slippage and deadline during withdraw and deposit

Permit is supported by `JalaRouter02` not implemented in `JalaERC20`

Instant arbitrage oppurtunity in OracleMaker

Incorrect premium calculation in OracleMaker