Liquid Staking

Stakelink
DeFi Hardhat Oracle
50,000 USDC
Submission Details
Severity: low
Invalid

Low findings

LSTRewardsSplitter::deposit does not validate or enforce the 0 check for its amount param
https://github.com/Cyfrin/2024-09-stakelink/blob/f5824f9ad67058b24a2c08494e51ddd7efdbb90b/contracts/core/lstRewardsSplitter/LSTRewardsSplitter.sol#L68-L72

No minimum withdraw amount, 0 check, and _receiver validation in LSTRewardsSplitter::withdraw
https://github.com/Cyfrin/2024-09-stakelink/blob/f5824f9ad67058b24a2c08494e51ddd7efdbb90b/contracts/core/lstRewardsSplitter/LSTRewardsSplitter.sol#L79-L83

LSTRewardsSplitter::checkUpkeep, LSTRewardsSplitter::performUpkeep and LSTRewardsSplitter::splitRewards do not emit events.

These functions lack access control, do not emit events, and update the contract's state, which means outsiders can perform state-changing modifications without any indication of when these happened.

No minimum or maximum -feeBasisPoint in LSTRewardsSplitter::updateFee

This can leave to chance the protocol to manipulate the fees for vaults without regulation.

The use of floating literals in LSTRewardsSplitter::getFees, LSTRewardsSplitter::updateFees, LSTRewardsSplitter::_splitRewards

Rather than perform division operations using the naked 10000, store as a constant state variable instead.

All initialize functions in scope lack events

Seeing the possibility of a front-running attack just after deployment, it is pertinent to emit an event in the initialize function. This prevents users from interacting with an uninitialized contract too.

Vault::__Vault_init, Vault::deposit, Vault::unbound, OperatorStakingPool::initialize, OperatorStakingPool::addOperators, OperatorStakingPool::removeOperators, OperatorStakingPool::setDepositLimit do not emit events

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
