A sophisticated attacker could forge invalid proofs that the on-chain verifier would still accept. This would have allowed unauthorized actions such as minting unlimited tokens or withdrawing tokens from other accounts.
Geth’s concentrated use is a risk as the majority of Ethereum validators could lose their staked Ether if it has a critical bug, claims one Ethereum diversity advocate.
The lion's share of Ethereum's validators rely on the same piece of software to power their operations. According to some experts, this could be a big risk.