code-423n4 / 2021-07-spartan-findings

Unbounded iteration in Synth Vault #163

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

cmichel

Vulnerability details

The SynthVault.harvestAll iterates over all stakedSynthAssets. Anyone can push to this array by creating a synth over curated assets.

Impact

The transactions can fail if the arrays get too big and the transaction would consume more gas than the block limit.

Recommended Mitigation Steps

Keep the number of synths/curated pools small.

verifyfirst commented 3 years ago

Only one synth can exist per curated asset. There is a 10 curatedPool limit in place for this.

ghoul-sol commented 3 years ago

Per sponsor comment, invalid
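
The pattern discussed in this thread, as an added illustration that is not the Spartan Protocol source: a hypothetical vault that enforces a cap where assets are registered, so a full-array loop stays bounded, and also offers a paginated harvest whose gas cost depends only on the slice size. The contract name, function names, storage layout and the placement of the cap are assumptions; the value 10 mirrors the limit mentioned in the sponsor's reply.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical sketch, not the SynthVault code. All names are illustrative.
contract BoundedVaultSketch {
    // Assumed cap, mirroring the 10 curated pool limit mentioned in the thread.
    uint256 public constant MAX_ASSETS = 10;

    address[] public stakedAssets;
    mapping(address => bool) public isStaked;
    mapping(address => uint256) public harvested; // stand-in for reward accounting

    // The bound has to be enforced at the point where the array grows.
    // Every loop over the whole array inherits whatever limit applies here.
    // Access control is omitted in this sketch.
    function register(address asset) external {
        if (isStaked[asset]) return; // one entry per asset
        require(stakedAssets.length < MAX_ASSETS, "asset cap reached");
        isStaked[asset] = true;
        stakedAssets.push(asset);
    }

    // A full sweep is safe only because length <= MAX_ASSETS.
    function harvestAll() external {
        _harvestRange(0, stakedAssets.length);
    }

    // Paginated variant: gas is bounded by `count` regardless of array length,
    // so harvesting stays possible even if the cap is later raised.
    function harvestRange(uint256 start, uint256 count) external {
        uint256 len = stakedAssets.length;
        require(start < len, "start out of range");
        uint256 end = start + count; // reverts on overflow in 0.8+
        if (end > len) end = len;
        _harvestRange(start, end);
    }

    function _harvestRange(uint256 start, uint256 end) private {
        for (uint256 i = start; i < end; i++) {
            _harvestSingle(stakedAssets[i]);
        }
    }

    function _harvestSingle(address asset) private {
        harvested[asset] += 1; // placeholder for per-asset reward logic
    }
}
```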