Unauthorized ERC20 Token Transfer Vulnerability in payWithERC20 Function

Incorrect Calculation on Token Amounts Will Lead to Misallocation of User Rewards

Wrong refundExecutionFee in _handleReturn

Deposits on long one leverage vault don't actually finalize the flow, leading to a Denial of Service (DoS)

Loss of fee refund due to premature state deletion in `PerpetualVault::_handleReturn` function

If users withdraw while a position is in loss, the whole PNL of the position to their withdrawal amount instead of just their share of it.

PerpetualVault can be completely bricked

Incorrect Share Accounting After Liquidation Leading to Ownership Dilution

The calculation of `totalAssets()` could be wrong if `operatorFeeAmount` > 0, this can cause potential loss for the new depositors

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

Incorrect Fee Calculation Logic Will Lead to Loss of Funds

Lack of Precision in redeemRate Calculation

Minting zero tokens when underlyingToken is not Ether in cashIn()