Inconsistent oracle usage during liquidations (EMA for health, Spot for payout) traps underwater positions and maximizes protocol bad debt

Finding Title: Cross-segment accounting flaw in `RateLimiter` enables low-cost griefing DoS on Asset Borrow and Withdraw flows

Finding Title: Incorrect debt scope validation in `handle_debt_auto_deleverage` allows Whitelisted Liquidators to execute unwarranted ADL liquidations on healthy users

Fluid MoneyMarket Internal Accounting Mismatch Leads to Insolvency

Cross-chain unstake and fast redeem operations fail due to minAmountLD not accounting for LayerZero dust removal

The unregistering of vaults can be DoSed by a malicious user.

Reliance on Uniswap V3 spot price in totalAssets allows share price manipulation via flash loans

Duplicate tranche IDs in stakeNxm cause double-counting of assets, leading to totalAssets inflation and potential vault drainage

Strict APY sanity check in StNxmOracle causes permanent Denial of Service for Morpho operations shortly after deployment

`set_invocation_costs_config()` fails to authorize admin allowing anyone to set invocation costs

`twap()` under-charges for multi-period queries due to hardcoded `periods=1`

An authorized matcher can steal all protocol fees by changing the treasury address

CL gauge accepts unverified pools, allowing malicious pool to brick distribution