Cross-chain unstake and fast redeem operations fail due to minAmountLD not accounting for LayerZero dust removal

Dependency on Uniswap V3 slot0 for asset valuation enables share price manipulation and vault draining

Use of onlyAuthorizedMatcher modifier enables authorized matchers to modify fees

Session signatures replay across wallets due to missing wallet binding

[Overwriting per-token lastRewardIndex] leads to loss of pending token rewards

Using trade.startTime as epoch anchor leads to incorrect completed-epoch rewards

Failure to advance lastMinted when totalStakedAmount == 0 leads to retroactive reward issuance and inflation

Unconditional lastUpdated advance in RangePool.sync leads to loss of streamed BMX when pool liquidity == 0

Duplicate Signatures Allow Single Signer to Bypass Valid Signer Threshold Requirement

Unrestricted Access to `payWithERC20` Allows Arbitrary Token Transfers and Accounting Discrepancies

ERC-20 Allowance Bypass: Spender Can Force Sender to Pay Extra Fees Beyond Approved Amount

Incorrect Credit Capacity Validation in `VaultRouterBranch.redeem` Enables Locked Collateral Drainage

Refund Underflow in Swap Refund Logic Leading to Locked Funds

Collateral Level Manipulation via Bondsupply

The excess amount in the `preDeposit::_deposit()` is not returned back to the user