
Payouts

Sherlock
Mar '26
high
Liquidation authorizes on EMA prices but settles seizure on spot prices, causing excess collateral seizure during real Pyth EMA/spot divergence
medium
`handle_debt_auto_deleverage` uses reserve-level debt at execution time even though debt ADL is enabled per `emode_group_id`, allowing borrowing in group B to wrongly activate ADL liquidation against users in group A
medium
`close_pool_reward()` trusts a lazily materialized per-reward claimant counter, so ended deposit liquidity-mining pools can refund away rewards owed to passive pre-existing depositors
Jan '26
high
MoneyMarket `NORMAL_WITHDRAW` clamps only internal `withdrawAmountRaw_` but forwards the original (oversized) `supplyAmount_` to Liquidity, allowing an attacker to withdraw more tokens than their position and drain pooled Liquidity
medium
DexV2 `settle()` LL-failure fallback credits “withdraw later” storage to `to_` (recipient), but stored balances are only withdrawable by the callback contract (`msg.sender`) → permanent fund lock for EOAs
Dec '25
medium
`writeOff()` can erase all protocol debt when the last borrower is written off (unbacked COIN)
medium
Redemption accounting can become undercollateralized: `redeem()` pays out collateral without conservatively redistributing borrower shortfalls, breaking collateral conservation and locking withdrawals