QA Report

[code423n4]

AuraLocker.sol

Q/A L83 lockDuration value

Although this is explained into the audit repo, on the project documentation provided here there is not mention at all about the week 17 of the locking process.

Fix

Either making a comment on the contract near it explaining why there is one week more and also make this clear on the project documentation. If I will lock my tokens inside a contract I am going to need to know with certainty how much time they will be locked there. At the first inconsistency, potential users may flee.
⠀
⠀
⠀

AuraBalRewardPool.sol

Low L184 pendingPenalty may jam getReward function

If the penalties are not forwarded for a certain period of time and the accumulation rate of penalties is high, getReward function will revert.
Although this is an unlikely scenario, the difference between the rewards rewards[address] mapping and the pendingPenalty is how and who can make them fluctuate. There is one mapping for each address but only one pendingPenalty variable for the whole pool. If the users maliciously start to take profits in purpose to accumulate penalties just to break this, sticking up to the code this function once the penalites are accumulated will revert preventing everyone else to call this function.
⠀
⠀
⠀

ExtraRewardsDistributor.sol

Q/A L45 Typo in Comment

There is a Chet hebrew letter on the last character just after "token". Maybe a subliminal message of Chai (Life) in hebrew :)
⠀
⠀
⠀

BaseRewardPool4626.sol

Q/A L60 Return Value Ignored

Interface of IDeposit implements the deposit function with a boolean return. On this line, the boolean return is unchecked and afterwards the difference between after and before balances is checked in order to determine if the deposit went through.