Unbacked token minting through share ratio manipulation when totalFreeDebt reaches zero

No gap between borrow LTV and liquidation LTV allows instant liquidation at position open

An attacker can exploit continuous writeOff in an empty market to allow minting unbacked tokens when bad debt exists

`updateBorrower` redeem collateral cap can create a global collateral deficit, causing the coin to become undercollateralized

Interest accrual can freeze via `wadExp()` returning 0 when calculating `growthDecay` if interest has not been accrued for a sufficiently long timedelta

LP virtual shares calculation in `totalAssets` and `totalSupply` allows for share price manipulation

A Malicious Owner Can Steal Funds via Morpho Liquidations and Manipulate Exchange Rate by Removing Staking Token IDs

Staking and unstaking advance the token-specific reward index without distributing rewards, potentially causing `_handleDistributionAndSettelement` to never distribute rewards.

Fee collection will always fail for initial positions of SuperDCA pools that contain native tokens

`_calculateEpochData` only calculates trade rewards based on the trade start time, not the start of the cashback campaign, allowing users to claim cashback for flows that occured before the campaign even started

The flat liquidation fee creates an "effective liquidation threshold" that can be much higher than the nominal `liquidationThreshold`, disincetivising liquidators and potentially making a market accrue bad debt

`OraclePendlePT` assumes 1:1 ratio of pegged assets to base assets when no Chainlink price feed for PeggedAsset<>USD is available

Refunding native ETH in `ZappingProxy` after a router call will fail, potentially impacting protocol functions.

`WStable` does not account for ERC4626 yield bearing tokens with non-atomic deposit and withdraw functions