The Terminal Mining contracts have undergone two successful audits, one from ABDK and one from CertiK. Additionally, the contracts have been reviewed by multiple whitehat hackers via the Immunefi platform. Audits can be found here.
We have implemented a number of additional security features on the contracts, including the Timelock feature. Depositors cannot interact with a given CLR pool more than once in five minutes, (e.g., a depositor will have to wait 5 minutes to withdraw or deposit again). While this is not a magic bullet security feature, we implement this safeguard to reduce the surface space for economic attacks powered by flash-loans.