Missing authorization check in `Payment::payWithERC20()` allows unauthorized token transfers

Missing worker deployment timeout mechanism leads to permanently stuck deployments

Missing signature invalidation in `BlueprintCore::updateWorkerDeploymentConfigWithSig()` allows token balance draining and configuration update replay

Incomplete whitelist implementation in `BlueprintCore` allows bypass of agent creation restrictions

Inconsistent negative modulo handling causes incorrect tick calculations for secondary positions

Claiming accumulated rewards while the contract is underfunded can lead to a loss of rewards

Potential unfair distribution of Rewards due to MEV in updateBucketExchangeRatesAndClaim