Inconsistent oracle usage during liquidations (EMA for health, Spot for payout) traps underwater positions and maximizes protocol bad debt

Finding Title: Cross-segment accounting flaw in `RateLimiter` enables low-cost griefing DoS on Asset Borrow and Withdraw flows

Finding Title: Incorrect debt scope validation in `handle_debt_auto_deleverage` allows Whitelisted Liquidators to execute unwarranted ADL liquidations on healthy users

Cross-chain unstake and fast redeem operations fail due to minAmountLD not accounting for LayerZero dust removal

Reliance on Uniswap V3 spot price in totalAssets allows share price manipulation via flash loans

Duplicate tranche IDs in stakeNxm cause double-counting of assets, leading to totalAssets inflation and potential vault drainage

Strict APY sanity check in StNxmOracle causes permanent Denial of Service for Morpho operations shortly after deployment

`set_invocation_costs_config()` fails to authorize admin allowing anyone to set invocation costs

`twap()` under-charges for multi-period queries due to hardcoded `periods=1`

An authorized matcher can steal all protocol fees by changing the treasury address

CL gauge accepts unverified pools, allowing malicious pool to brick distribution