imo the biggest concern isn't with the federated bridge set up. it's more with the citrea network not having "forced inclusion" implemented yet.
this means that if the citrea sequencer (a single operator) blacklists the crest smart contract, then users would never be able to 1) make any transaction within the pool or 2) leave the pool
so one entity can censor the entire system
when the network implements this feature, the system will be a bit more trust minimized, but this is not on crest to implement unfortunately
imo the biggest concern isn't with the federated bridge set up. it's more with the citrea network not having "forced inclusion" implemented yet.
this means that if the citrea sequencer (a single operator) blacklists the crest smart contract, then users would never be able to 1) make any transaction within the pool or 2) leave the pool
so one entity can censor the entire system
when the network implements this feature, the system will be a bit more trust minimized, but this is not on crest to implement unfortunately