Here are a few quick thoughts on what makes a good SharePoint code review (ignoring the standard C# questions, like comments, coding standards, error handing):
- Have SharePoint objects such as SPSite and SPWeb been Disposed of appropriately?
- Has the Developer run SPDisposeCheck on the solution and what were the findings?
- Have Get methods been used where appropriate instead of using the index from a collection? ie oList.Items["abc"], as opposed to oList.GetItems(oQuery).
- Does the developer make good use of CAML queries to avoid long running enumerations of SharePoint collections?
- Has the developer overwritten throttling and if so, why?
- When Running as Elevated Privledges has the AllowUnsafeUpdate been set back to False?
- Is everything packaged in one or more features where possible?
- Has the developer modified any Out of the Box SharePoint files? If so, calmly walk him off the premises.
- When developing web parts, has the developer used RenderContents as opposed to CreateChildControls? If so, why?
- ...what else?