LP virtual shares calculation in `totalAssets` and `totalSupply` allows for share price manipulation

A Malicious Owner Can Steal Funds via Morpho Liquidations and Manipulate Exchange Rate by Removing Staking Token IDs

Staking and unstaking advance the token-specific reward index without distributing rewards, potentially causing `_handleDistributionAndSettelement` to never distribute rewards.

Fee collection will always fail for initial positions of SuperDCA pools that contain native tokens

`_calculateEpochData` only calculates trade rewards based on the trade start time, not the start of the cashback campaign, allowing users to claim cashback for flows that occured before the campaign even started

The flat liquidation fee creates an "effective liquidation threshold" that can be much higher than the nominal `liquidationThreshold`, disincetivising liquidators and potentially making a market accrue bad debt

`OraclePendlePT` assumes 1:1 ratio of pegged assets to base assets when no Chainlink price feed for PeggedAsset<>USD is available

Refunding native ETH in `ZappingProxy` after a router call will fail, potentially impacting protocol functions.

`WStable` does not account for ERC4626 yield bearing tokens with non-atomic deposit and withdraw functions