diff --git a/src/BankHub.sol b/src/BankHub.sol
index 019b045..e83eb70 100644
--- a/src/BankHub.sol
+++ b/src/BankHub.sol
@@ -75,6 +75,7 @@ contract BankHub {
 // withdraw IDRCoin from saving account
 // user's interest would be applied here
 function withdraw(uint256 _amount, address _fromBank) external {
+ // @audit: what if user already deposited to certain bank, then its no longer whiteListed anymore?
 require(whiteListed[_fromBank], "bank not whitelisted");
 require(savingAmount[msg.sender] >= _amount, "insufficient balance");
@@ -144,6 +145,7 @@ contract BankHub {
 // collect all IDRCoin from bank
 // this is used to punish bank that misbehave
 function revokeWhiteList(address _bank) external onlyOwner {
+ // @audit: a bit sus
 if (idrcoin.balanceOf(_bank) > 0) {
 idrcoin.transferFrom(_bank, owner, idrcoin.balanceOf(_bank));
 }
diff --git a/src/IDRCoin.sol b/src/IDRCoin.sol
index 7c1eec8..4ac64eb 100644
--- a/src/IDRCoin.sol
+++ b/src/IDRCoin.sol
@@ -96,6 +96,7 @@ contract IDRCoin is ERC20 {
 // first we normalize the amount in usd by dividing it with its own decimals
 // then we multiply it with the conversion rate and IDRC decimals
 // result is the amount of IDRC to mint with the correct decimals
+ // @audit: the math calculation is a bit sus
 uint256 amountInIDR = (amountInUSD / 10 ** usdt.decimals()) *CONVERSION_RATE * 10 ** decimals();
 mint_(msg.sender, amountInIDR);
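Review bot: The `require(whiteListed[_fromBank], "bank not whitelisted")` guard in `withdraw` makes a user's savings unwithdrawable once the owner revokes the bank they deposited with, so the new question should be recorded as a finding rather than left open. The second check reads `savingAmount[msg.sender]`, which is not keyed by bank, so nothing visible here ties `_fromBank` to the bank that holds the deposit; the caller appears free to name any whitelisted bank, though the rest of the body is outside the hunk. I would word the annotation as `// @audit: funds deposited via a bank that is later de-whitelisted cannot be withdrawn; _fromBank is caller-chosen and not checked against the deposit record`. A fix likely needs a per-bank deposit record and a withdrawal path that survives revocation.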
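Review bot: `// @audit: a bit sus` in `revokeWhiteList` gives the next reader nothing to act on; the visible lines support at least two concrete points. The result of `idrcoin.transferFrom(_bank, owner, ...)` is discarded. The call also presumably depends on an allowance from `_bank` to this contract, so a bank that never approved it could make revocation revert, unless IDRCoin overrides `transferFrom`, which this hunk does not show. I would read the balance once and check the result: `uint256 bal = idrcoin.balanceOf(_bank);` then `require(idrcoin.transferFrom(_bank, owner, bal), "sweep failed");`. The sweep also sends the bank's whole balance to `owner`, which may include user deposits, so say in the comment how depositors are made whole; the function body continues past the hunk.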
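Review bot: The `amountInIDR` expression divides before it multiplies, so `amountInUSD / 10 ** usdt.decimals()` truncates to whole USD units and any fractional part is dropped before conversion. A payment below one whole unit would mint zero IDRC, and if the full `amountInUSD` is still collected elsewhere in the function (not visible in this hunk) the payer loses the remainder. Multiply first: `uint256 amountInIDR = (amountInUSD * CONVERSION_RATE * 10 ** decimals()) / 10 ** usdt.decimals();`, and consider `require(amountInIDR > 0, "amount too small");` before `mint_`. The annotation should name the issue, for example `// @audit: division before multiplication truncates sub-unit USD amounts`, and the three explanatory comments above it should be updated to match the corrected order.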