What are the cons of dhcp snooping, dynamic arp inspection and ip guard?

I read about a couple of layer 2 protections against dhcp starving, mac and ip spoofing- ip guard, dhcp snooping and dynamic arp inspection.

Are there any cons or vulnerabilies which enable bypassing them or are they safe to use?

I have noticed that each record in the dhcp binding table has a time to live and the table itself has a limited size, but I dont see how can it help the attack.