PM borrow liabilities are omitted from backing, allowing phantom surplus settlement

Liquidation can seize disproportionate collateral when spot and EMA diverge because seize sizing uses spot without enforcing EMA/spot tolerance

Administrators will reclaim liquidity-mining rewards owed to passive users

Public depositors can exceed configured market deposit caps and small redeposits can revert after LP exit

Insolvency via Cross-Service Reentrancy in StakingBase._withdraw

Arbitrum Retryable-Ticket Refund/Value Not Verified Enables Timelock ETH Exfiltration

DexV2 will permanently lock owed token payouts for EOA recipients when the Liquidity layer reverts

BuilderWallet `init()` is unprotected/re-initializable, enabling takeover and theft of builder fees

`RiskEngine::_getRequiredCollateralAtTickSinglePosition()` Fails to Accumulate Credits Across Multiple Legs, Leading to Potential Erroneous Liquidations

Division-by-zero in long-leg collateral requirement can block solvency checks and `dispatchFrom` (liquidation/force-exercise) for tickSpacing==1 pools

Missing access control in `WERC7575Vault` allows unauthorized withdrawals