Liquidation authorizes on EMA prices but settles seizure on spot prices, causing excess collateral seizure during real Pyth EMA/spot divergence

`handle_debt_auto_deleverage` uses reserve-level debt at execution time even though debt ADL is enabled per `emode_group_id`, allowing borrowing in group B to wrongly activate ADL liquidation against users in group A

`close_pool_reward()` trusts a lazily materialized per-reward claimant counter, so ended deposit liquidity-mining pools can refund away rewards owed to passive pre-existing depositors

`writeOff()` can erase all protocol debt when the last borrower is written off (unbacked COIN)

Redemption accounting can become undercollateralized: `redeem()` pays out collateral without conservatively redistributing borrower shortfalls, breaking collateral conservation and locking withdrawals