Potential DOS due to Gas Exhaustion Due to Large Array Iteration in `_distribute` Function

Using basis points for percentage is not precise enough for realistic use-cases

Sandwich attack to steal all ERC-20 tokens in the Fees contract

Borrower can bypass maxLoanRatio's configuration of a pool via buyLoan()

[H-04] Lender#buyLoan - Malicious user could take over a loan for free without having a pool because of wrong access control

Using forged/fake lending pools to steal any loan opening for auction

The `borrow` and `refinance` functions can be front-run by the pool lender to set high interest rates

Zero address leads to transaction reverts

Lender fails to giveLoan because of inconsistent length between `loadIds` and `poolIds`

Missing Events Emitting

Loan can be seized during an auction

Move the Duplicate Checks into a Modifier

Unnecessary If condition in update() of Staking.sol

For the borrow(), repay() & startAuction() functions in Lender.sol the public visibility modifiers should be changed to external, to help optimize gas usage

[L-07] interface Staking.FeeDistribution is not used

No use of Ownable in Staking contract.

Incorrect Event Emmiting

[H-01] Lack of emergency withdraw function when no arbiter is set