Uniswap V3 Spot Price dependency in `stNXM` accounting allows exchange rate manipulation and fund theft

`StNxmOracle` will permanently DoS due to overly strict APY checks on short timeframes

Missing Uniswap V3 cardinality initialization in `StNxmOracle` leads to permanent Denial of Service

Standalone NFTManager reads from its own empty storage instead of Diamond's, causing tokenURI to revert

WStable mints unbacked shares, leading to fund loss

Rebalancer can drain market funds via excessive bridge fees

Unbounded iteration over logically removed elements in `PersistentSet` could lead to gas DOS

Anyone can steal pending refunds due to flawed recipient validation

Stale collateral data risk in cross-chain borrow execution may lead to undercollateralized loans

Canceling an `OracleLess` order type is vulnerable to DOS

`updateDownsideProtected` can be called by anyone leading to incorrect downside protection records on CDS module

Anyone can delete all active lending offers without authorization

Insufficient input validation on `SablierV2NFTDescriptor::safeAssetSymbol` allows an attacker to obtain stored XSS

Wrong global lending limit check in `_deposit` function