The most common vault bugs (from real audits)