Unconditional lastUpdated advance in RangePool.sync leads to loss of streamed BMX when pool liquidity == 0

Duplicate Signatures Allow Single Signer to Bypass Valid Signer Threshold Requirement

Unrestricted Access to `payWithERC20` Allows Arbitrary Token Transfers and Accounting Discrepancies

ERC-20 Allowance Bypass: Spender Can Force Sender to Pay Extra Fees Beyond Approved Amount

Incorrect Credit Capacity Validation in `VaultRouterBranch.redeem` Enables Locked Collateral Drainage

Refund Underflow in Swap Refund Logic Leading to Locked Funds

Collateral Level Manipulation via Bondsupply

The excess amount in the `preDeposit::_deposit()` is not returned back to the user