Use of onlyAuthorizedMatcher modifier enables authorized matchers to modify fees

Session signatures replay across wallets due to missing wallet binding

[Overwriting per-token lastRewardIndex] leads to loss of pending token rewards

Using trade.startTime as epoch anchor leads to incorrect completed-epoch rewards

Failure to advance lastMinted when totalStakedAmount == 0 leads to retroactive reward issuance and inflation

Unconditional lastUpdated advance in RangePool.sync leads to loss of streamed BMX when pool liquidity == 0

Duplicate Signatures Allow Single Signer to Bypass Valid Signer Threshold Requirement

Unrestricted Access to `payWithERC20` Allows Arbitrary Token Transfers and Accounting Discrepancies

ERC-20 Allowance Bypass: Spender Can Force Sender to Pay Extra Fees Beyond Approved Amount

Incorrect Credit Capacity Validation in `VaultRouterBranch.redeem` Enables Locked Collateral Drainage

Refund Underflow in Swap Refund Logic Leading to Locked Funds

Collateral Level Manipulation via Bondsupply

The excess amount in the `preDeposit::_deposit()` is not returned back to the user