Potential issue in this check:

if (checked_weight / 2 * 3 < total_weight) {
throw(0xffff);
}

Division can round down checked_weight so that it won't reach total_weight and block will be invalidated

In the transaction-checker, the sender of the 'correct' message is not verified, allowing anyone to send a message and falsify the lite-client's check_block result.

In `verify_signatures`
- no check for duplicate validators
- you should take into account only main validators

In `save_validators` you should calculate weight of only first `main` validators.

On `new_key_block` message you don't check that block is from currently known epoch. You ignore seqno, prev_key_block_seqno, etc.

On `check_block` message you ignore signatures =)

In Transaction-checker smart-contract you send messages with flag 128. You send all balance of the contract.

On the line 73:
left_l = left_cs~match_label(n - 1, key);
It should be
left_l = left_cs~match_label(m - 1, key);

Implemented solid parsing but missed important security checks: no max_main_validators logic, no signature deduplication (one signature can be used multiple times), no prev_block/global_checks(minor), checks in check_block is commented. In transaction checker proper solution is tried to be implemented, but it seems buggy; no check of correspondence proof and block that sent to LC. No authorization checks LC->tx_checker.

More info on issues: https://contest.com/docs/TrustlessBridgeChallengeAssessment