code-423n4 / 2021-09-defiprotocol-findings


Proposals can never get created due to reaching `block.gaslimit` #235

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

hrkrshnn

Vulnerability details

Proposals can never get created due to reaching block.gaslimit

The function proposeBasketLicense allows initializing proposals with an arbitrary amount of tokens. However, the createBasket stage involves the actual transfers. Each unique token in the list undergoes a safeApprove, which would cost at least 22,100 gas (for a zero to non-zero sstore update). Taking this alone would mean that having a token list of size 1300 would exceed the current block gas limit. This number would in practice be even lower when including other calls.

Recommended Mitigation Steps

  1. Try to measure the cost of proposeBasketLicense for n tokens and try to estimate n that exceeds the current block gas limit.
  2. Hardcode this value (or lower) in proposeBasketLicense with a require(tokens.length < n).

This would more or less guarantee that each proposed basket can be created.
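One way to carry out the two mitigation steps above, as an added example that is not code from the report or from the protocol: fit a linear gas model to measured basket-creation costs and derive the cap to hardcode in the `require`. The sample measurements, the 30,000,000 gas limit, the 50% headroom, the linear model and all function names are assumptions.

```python
from fractions import Fraction
from math import floor

# Constructed measurements: (token count, gas used creating the basket).
# Real numbers would come from a gas-reporting test against the contracts.
SAMPLES = [(10, 521_000), (50, 1_805_000), (100, 3_410_000), (200, 6_620_000)]

BLOCK_GAS_LIMIT = 30_000_000   # assumption: set to the target chain's limit
SAFE_APPROVE_FLOOR = 22_100    # per-token lower bound quoted in the finding


def fit_linear(samples):
    """Exact least-squares fit of gas(n) = base + per_token * n."""
    count = len(samples)
    n_mean = Fraction(sum(n for n, _ in samples), count)
    g_mean = Fraction(sum(g for _, g in samples), count)
    covariance = sum((n - n_mean) * (g - g_mean) for n, g in samples)
    variance = sum((n - n_mean) ** 2 for n, _ in samples)
    if variance == 0:
        raise ValueError("need measurements at two or more distinct sizes")
    per_token = covariance / variance
    return g_mean - per_token * n_mean, per_token


def max_tokens(base, per_token, gas_limit=BLOCK_GAS_LIMIT, headroom=Fraction(1, 2)):
    """Largest n whose estimated cost fits in gas_limit * (1 - headroom)."""
    if per_token < SAFE_APPROVE_FLOOR:
        # Cheaper than one zero-to-non-zero SSTORE: the measurement is suspect.
        raise ValueError("per-token cost below the safeApprove floor")
    budget = gas_limit * (1 - Fraction(headroom))
    return max(0, floor((budget - base) / per_token))


if __name__ == "__main__":
    base, per_token = fit_linear(SAMPLES)
    cap = max_tokens(base, per_token)
    print(f"base={int(base)} per_token={int(per_token)} cap={cap}")
```

The headroom leaves room for the other calls the finding mentions; the resulting cap is the value to use (or go below) in the length check.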

GalloDaSballo commented 2 years ago

I will keep this finding as valid because it is true.

That said, in practice this won't happen, so I would recommend that the sponsor know the theoretical limit and not sweat about it.