Any External Actor will Steal Approved ZRC20 Tokens from `GatewayTransferNative` Contract

CrossChainRouter will use incorrect collateral amount and token for debt repayment during cross-chain liquidation, disrupting the process for the protocol, liquidators, and borrowers

Incorrect Liquidation Check in `_checkLiquidationValid` May Lead to Unfair Liquidations or Prevention of Valid Liquidations

Incorrect Logic in `borrowWithInterest` Leads to Understated Cross-Chain Debt and Risk of Protocol Insolvency

CoreRouter Prone to Fund Depletion or Trapping Due to Miscalculated Redemption Payouts

Liquidator may under-liquidate positions due to `maxClose` using incompletely accrued balance for same-chain borrows

Zero Tax Exploitation in Withdrawal Function

Contract logic flaw will mismatch internal and external vault shares, potentially trapping user funds.

Attacker can steal user funds via ERC4626 inflation attack on underlying vault

Uninitialized feeRecipient will divert protocol fees to the zero address, impacting protocol revenue

A malicious actor will exploit the miscalculation, impacting leveraged position holders