PerpetualVault can be completely bricked

Cancelling a Flow after a Position Is Created Might Result in Inflation/Deflation of Shares

Fees not refunded to users on position closed and funds locked/lost

Domain pricing relies on pool price, which can be manipulated

User can bypass `MAX_EXPIRATION` when extend expiration

Extending a domain's expiration even after the grace period impacts domain buyers

Platform fees withdrawal will sweep oracle agents earned fees

Request responses and validations can be mocked leading to extraction of fees and/or forcing other generators to lose their fees by making them outliers

Unrestricted validation score range for validators in `LLMOracleCoordinator::validate`.

Users can list assets with price < 1 ERC20 (ETH, WETH), leading to potential DoS vulnerability.

Anyone can manipulate user nonce (nonce_manager) in settlement contract

SettlementSignatureVerifier is missing check for duplicate validator signatures

Single-step process for critical ownership transfer is risky

Unnecessary If condition in update() of Staking.sol