MergeTgt has no handling if TGT_TO_EXCHANGE is exceeded during the exchange period

Incorrect `if` check condition in the `updateParticipation` function for verifying `theminTokenAmountPerUser` for a user

The fee calculations in the `pool` contract are incorrect, with different total fee amounts calculated during user creation/redeem and when the `feeBeneficiary` claims.

An attacker can intentionally prevent the auction from succeeding by placing a bid that makes the `totalSellReserveAmount` exceed the sale limit just before bidding ends.

Fee Evasion via LP Token Transfer Resets Deposit Value

quantAMMSwapFeeTake used for both getQuantAMMSwapFeeTake and getQuantAMMUpliftFeeTake.

Users can claim more that their actual allotment

maxSellPercent can be buypassed by selling previously bought vestings at a later time

Subtraction in `variance()` will revert due to underflow

Potential underflow vulnerability in score range calculation of `LLMOracleCoordinator::finalizeValidation`, leading to DoS.

Request responses and validations can be mocked leading to extraction of fees and/or forcing other generators to lose their fees by making them outliers

Unrestricted validation score range for validators in `LLMOracleCoordinator::validate`.

`LLMOracleCoordinator::request` lacks a check for non-empty `task.input`, making `assertValidNonce` easier to pass due to reduced uniqueness

[MEDIUM]- User role can't be removed .The `_setRole` function cannot remove a role for a user due to incorrect implementation; it fails to remove the user's role.