There is no refund mechanism in `ChakraSettlement.processCrossChainCallback` or `ChakraSettlementHandler.receive_cross_chain_callback` function

Anyone can manipulate user nonce (nonce_manager) in settlement contract

settlement.cairo doesn't process callback correctly leading to CrossChainMsgStatus marked as SUCCESS even if it failed on destination chain

In Starknet already processed messages can be re-submitted and by anyone

handler's `receive_cross_chain_callback()` will always set the tx_status to `SETTLED` on source chain & burn the tokens (MintBurn Mode) even when the msg fails on destination

Does not check if to_chain and to_handler is whitelisted in cross_chain_erc20_settlement

The Bridging Process will revert if the Collection is matched on the destination chain and not matched on the source chain

There is No `msg.value` check in `depositTokens`, causing potential token stuck

Modifier VaultController._verifyCreatorOrOwner does not work as intented

VAULT CAN BE CREATED FOR NOT-YET-EXISTING ERC20 TOKENS, WHICH ALLOWS ATTACKERS TO SET TRAPS TO STEAL NFTs FROM BORROWERS

`_handleDeposit` and `_handleWithdraw` do not account for tokens with decimals higher than 18