In one of a projects, I'm developing we have to create order approval system on Front-End, which was accessible to a specific users only.
During implementation I've found a bug in OrdersEventHandler::CheckUser method, that changed approved/denied order owner user to one, who was performing approval/denial.