Submission Details
Severity: high
Valid

High Risk Report

[H-01] Missing address(0) check can lead to loss of funds.

There is no check for address(staking) != address(0), so WETH can be sent to address(0), causing a loss of funds.

https://github.com/Cyfrin/2023-07-beedle/blob/main/src/Fees.sol#L43

Recommendation

Add a check address(staking) != address(0) at the beginning of the method.

[H-02] Method sellProfits() is public and the transfer function logic is incorrect

Anybody can call this function, and the local variable holding the swapped amount is not used. Instead, all the WETH held by the contract is transferred to the staking contract.

https://github.com/Cyfrin/2023-07-beedle/blob/main/src/Fees.sol#L42-L43
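The following is an added example, not code from the Beedle repository: a simplified fee contract showing the hardened form of both H-01 and H-02 side by side. The ISwap interface, the FeesHardened contract name, the owner restriction and the event are assumptions made for this illustration; only the WETH, staking and sellProfits names come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Minimal ERC-20 surface used by this example (assumed, not the project's interface).
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
}

// Hypothetical router: swaps amountIn of tokenIn into tokenOut and returns what was received.
// Slippage protection is deliberately out of scope for this example.
interface ISwap {
    function swapExactInput(address tokenIn, address tokenOut, uint256 amountIn)
        external
        returns (uint256 amountOut);
}

contract FeesHardened {
    address public immutable WETH;
    address public immutable staking;
    address public immutable owner;
    ISwap public immutable swapRouter;

    event ProfitsSold(address indexed token, uint256 amountIn, uint256 wethOut);

    constructor(address _weth, address _staking, address _swapRouter) {
        // H-01: refuse the zero address up front so WETH can never be forwarded to address(0)
        require(_weth != address(0), "weth is zero address");
        require(_staking != address(0), "staking is zero address");
        require(_swapRouter != address(0), "router is zero address");
        WETH = _weth;
        staking = _staking;
        swapRouter = ISwap(_swapRouter);
        owner = msg.sender;
    }

    /// @notice Sell accumulated fee tokens for WETH and forward exactly the swapped amount.
    /// @param _profits fee token to sell; selling WETH itself is refused.
    function sellProfits(address _profits) external {
        // H-02 (part 1): not callable by arbitrary accounts
        require(msg.sender == owner, "not authorized");
        require(_profits != WETH, "not allowed");

        uint256 amountIn = IERC20(_profits).balanceOf(address(this));
        require(amountIn > 0, "nothing to sell");

        require(IERC20(_profits).approve(address(swapRouter), amountIn), "approve failed");
        uint256 wethOut = swapRouter.swapExactInput(_profits, WETH, amountIn);

        // H-02 (part 2): forward the amount this swap produced, not the whole WETH balance.
        // The vulnerable form ignored wethOut and sent balanceOf(address(this)) instead.
        require(IERC20(WETH).transfer(staking, wethOut), "transfer failed");
        emit ProfitsSold(_profits, amountIn, wethOut);
    }
}
```

The two defects are independent: the zero-address check belongs where staking is set (the constructor here), while the transfer fix is local to sellProfits and consists of using the swap's return value as the transfer amount.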

[H-03] Anybody can repay anybody's loan

There is no check that msg.sender is the borrower of the loan. Instead, the balance is deducted from msg.sender and the debt of the loan's borrower is repaid.

https://github.com/Cyfrin/2023-07-beedle/blob/main/src/Lender.sol#L316-L332

Recommendation

A check should be in place to ensure the msg.sender is the borrower before proceeding further.
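As an added example (not the Beedle Lender.sol code), here is a reduced loan book with a repay function that applies the recommended borrower check. The Loan struct, the openLoan helper and the LenderRepay contract name are constructed for this illustration; the real contract's pool and interest logic is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Minimal ERC-20 surface used by this example (assumed, not the project's interface).
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract LenderRepay {
    struct Loan {
        address lender;
        address borrower;
        address loanToken;
        uint256 debt; // principal plus interest owed, kept as one number for simplicity
    }

    Loan[] public loans;

    event Repaid(uint256 indexed loanId, address indexed borrower, uint256 amount);

    // Constructed helper so the example has loans to repay; not part of the finding.
    function openLoan(address lender, address loanToken, uint256 debt) external returns (uint256 loanId) {
        require(lender != address(0) && loanToken != address(0), "zero address");
        require(debt > 0, "zero debt");
        loans.push(Loan({lender: lender, borrower: msg.sender, loanToken: loanToken, debt: debt}));
        return loans.length - 1;
    }

    /// @notice Repay one or more loans. Only the recorded borrower may repay, so a third
    ///         party's tokens can never be pulled to settle someone else's debt.
    function repay(uint256[] calldata loanIds) external {
        for (uint256 i = 0; i < loanIds.length; i++) {
            uint256 id = loanIds[i];
            Loan memory loan = loans[id];

            // H-03: bind repayment to the borrower stored on the loan.
            // Without this line anyone could call repay and be charged for this loan.
            require(msg.sender == loan.borrower, "not the borrower");
            require(loan.debt > 0, "loan already repaid");

            // Checks-effects-interactions: clear the loan before the external token call.
            delete loans[id];

            require(
                IERC20(loan.loanToken).transferFrom(msg.sender, loan.lender, loan.debt),
                "transfer failed"
            );
            emit Repaid(id, msg.sender, loan.debt);
        }
    }
}
```

The check reads the borrower from storage rather than from calldata, so the caller cannot supply a borrower address of their choosing; the debt > 0 guard additionally makes a second repay of the same id revert instead of transferring zero.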
