A compromised address can remove all other addresses from the profile and cause permanent DoS

A user cannot claim rewards for a new epoch if they have claimed rewards for a previous epoch

Total distributed rewards does not match initial deposit minus protocol fees

`L1ReverseCustomGateway.sol::onDropMessage()` will revert, leading to locked ERC20 tokens

Unclaimed sequencer commissions will be lost forever if the sequencer withdraws on L1 or gets slashed on L1

L1 block re-org could cause an honest challenger to lose their `challengeDeposit`

The 255th staker in `L1Staking.sol` can avoid getting slashed and inadvertently cause fund loss to stakers

Batches committed during an on going challenge can avoid being challenged

`Tokens` Are Automatically Whitelisted Upon Creation And Binding Even When `_whiteListEnabled == false`

Starknet tokens deposited with use_withdraw_auto can never be withdrawn

Reentrancy attack to make an NFT unbridgeable

Upon the transfer of an escrowed NFT from the bridge to the user on StarkNet, the escrow status remains unaltered, failing to be reset

Incorrect function signatures in `_callBaseUri` break `baseURI` functionality

User may lose funds when creating Nexus account or executing user operations

Factory deployments won't work correctly on the ZKsync chain

`delegated[]` state is not removed after it reaches zero, potentially leading to higher computational costs and DoS

`PanopticFactory` uses spot price when deploying new pools, resulting in liquidity manipulation when minting

`collectionReferrerShare` is routed to the wrong referrer in `FeeManager.sol`

A user can mint tokens of `tokenId` at a much lower cost due to incorrect fee collection logic in `Edition.sol`

`Edition.sol::mintBatch()` will always revert for `tokenIds_.length` greater than 1

`EDITION_MINTER_ROLE` is not configurable as `grantRoles()` cannot be called in `Edition.sol`

The mint fees is sent to the old creator even after updating the creator with `transferWork()`

Updating the fee strategy using `setFeeStrategy()` does not update the royalty info, resulting in inconsistent royalty information

`PanopticFactory` uses spot price when deploying new pools, resulting in liquidity manipulation when minting

A vulnerability in the `_cancelAllBids` function allows the highest bidder to obtain the `Stewardship License` for free

Auction fails if the 'Honorarium Rate' is 0%

Claiming a deposit in the same Epoch in which the deposit was requested will lead to loss of funds

Calling `requestRedeem` with `_msgSender() != owner` will lead to user's shares being locked in the vault forever

Any fee claim lesser than the total `yieldFeeBalance` as unit of shares is lost and locked in the `PrizeVault` contract