diff --git a/contracts/ref-ve/src/account.rs b/contracts/ref-ve/src/account.rs
index e99a990..526798f 100644
--- a/contracts/ref-ve/src/account.rs
+++ b/contracts/ref-ve/src/account.rs
@@ -30,6 +30,8 @@ pub struct Account {
     #[serde(skip_serializing)]
     pub proposals: HashMap<u32, VoteDetail>,
     /// Record expired proposal voting info
+    /// [Audit] Suggestion: proposal history can be queried from TheGraph if proposal events are emitted,
+    /// so not necessary to save in contract state which introduces extra storage cost
     #[serde(skip_serializing)]
     pub proposals_history: UnorderedMap<u32, VoteDetail>,
     #[serde(with = "u128_map_format")]
@@ -87,6 +89,7 @@ impl Account {
     pub fn sub_reward(&mut self, token_id: &AccountId, amount: Balance) {
         if let Some(prev) = self.rewards.remove(token_id) {
             require!(amount <= prev, E101_INSUFFICIENT_BALANCE);
+            // [Audit] Suggestion: better use `remaining` as a variable name
             let remain = prev - amount;
             if remain > 0 {
                 self.rewards.insert(token_id.clone(), remain);
diff --git a/contracts/ref-ve/src/storage_impl.rs b/contracts/ref-ve/src/storage_impl.rs
index b90fa23..509b9df 100644
--- a/contracts/ref-ve/src/storage_impl.rs
+++ b/contracts/ref-ve/src/storage_impl.rs
@@ -67,6 +67,8 @@ impl StorageManagement for Contract {
 
             self.internal_remove_account(&account_id);
             if account.sponsor_id != env::current_account_id(){
+                // [Audit] Risk: If one account locked LPT, and unlocked after a while, he/she can call `storage_unregister`
+                // to receive storage refund even if he/she didn't run `storage_deposit` before
                 Promise::new(account.sponsor_id).transfer(STORAGE_BALANCE_MIN_BOUND);
             }
             true