UniswapPriceOracle.validatePrice() TWAP Calculation Flaw

Variable Overwrite in checkPoolAndGetCenterPrice() Creates Dead-Code Deviation Check, Leaving All V3 Protocol-Owned Liquidity Operations Unprotected

Services can earn undeserved rewards by manipulating checkpoint timing during reward droughts

Balancer oracle deadlock from cumulative price weight

Uniswap oracle validateprice can be griefed per block via `sync()`

BuilderWallet `init()` is unprotected/re-initializable, enabling takeover and theft of builder fees

Self-settlement via `dispatchFrom` bypasses refund mechanism allowing underfunded debt settlement

Withdrawing just before a bad debt event can increase losses for remaining liquidity providers

`dispatchFrom()` Liveness DoS via `StaleOracle`: Spot Price Manipulation Blocks Liquidations, Force Exercises, and Premium Settlements

Commission Share-Burn Distribution is JIT-Capturable When `builderCode == 0` (Default)

Borrower can extract unbacked Coin at the expense of the protocol

A single borrower being written off will create unbacked stablecoins for all users

Missing access control in `WERC7575Vault` allows unauthorized withdrawals

The unregistering of vaults can be DoSed by a malicious user.

Stale Redemption Liabilities Lead to Leveraged Losses for Remaining Shareholders and Potential Denial of Service