feat(token-aggregation): reports, PMM quotes, config; Engine X flash vaults

- Expand token-aggregation API (report routes), canonical tokens, pools
- Add flash vault contracts + tests (indexed, DODO cwUSDC, XAUT borrow)
- PMM pools JSON, deploy/export scripts, metamask verified list

Co-authored-by: Cursor <cursoragent@cursor.com>

scripts/deployment/export-cronos-verification-sources.sh

@@ -7,6 +7,8 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
 OUT_DIR="$PROJECT_ROOT/.cronos-verify"
 cd "$PROJECT_ROOT"
+# Cronos mainnet requires Paris EVM bytecode (no PUSH0). Match `foundry.toml` profile `cronos_legacy`.
+export FOUNDRY_PROFILE="${FOUNDRY_PROFILE:-cronos_legacy}"
 # Load .env via dotenv (RPC CR/LF trim). Fallback: raw source.
 if [[ -f "$SCRIPT_DIR/../lib/deployment/dotenv.sh" ]]; then
   # shellcheck disable=SC1090
@@ -68,5 +70,7 @@ echo "Next: https://explorer.cronos.org/verifyContract"
 echo "  1. Select 'Solidity (Standard-Json-Input)'"
 echo "  2. Upload the *_standard_input.json file for each contract"
 echo "  3. See docs/deployment/CRONOS_VERIFICATION_RUNBOOK.md"
+echo "  4. The verify form uses Google reCAPTCHA — Submit stays disabled until solved in the browser."
+echo "  5. Compiler picker may list 0.8.21+ only; Foundry uses solc 0.8.20 by default — pick the version that matches deploy bytecode if verification fails."
 echo ""
 echo "Sources: $OUT_DIR/"