Missing pool authenticity validation in `newMaker` / `adjustMaker` enables malicious “pool” to drain user funds via callback

Stale `asset.liq` in `adjustMaker` desynchronizes principal, leading to fee-claim DoS or unintended principal transfers

src/integrations/NFTManager.sol::tokenURI reads Diamond storage from a non-Diamond contract, causing metadata DoS

Incorrect Root Width Calculation Breaks Tree Mapping (Index Wrap/DoS/Accounting Corruption)

Admin `transferVaultBalance` Hard-Codes User ID → Non-Functional / Migration DoS

`collectFees()` refreshes timestamp for `MAKER_NC`, incorrectly re-arming JIT penalties