A repo covering some exploits
Reentrancy: Creating a malicious contract with a twisted fallback() that takes advantage of external calls in a target contract.
External Contract Referencing: Setting up a contract and passing it, through constructor and/or a function, address of a contract with similar name and function signatures but different functionality.
DoS: Rendering a transaction useless, exploiting unbounded for-loops, or external calls, or other reason to make transaction fail for users.
Note: For DOS, ask if the iterative loop is bounded to a certain size or not? Does it have external calls? If yes, what would make the call fail? If they do fail, would that cause a revert? If yes, that's a potential DoS! Can it affect the system?