The Manager.removeToken function iterates over all tokens to check for existence of an element in the tokens[_vault] array.
Recommended Mitigation Steps
A more efficient solution would be to use OpenZeppelin's EnumerableSet.
It allows iterating (enumerating) over all entries, as well as constant-time existence checks using contains, as well as a constant time remove function.
The trade-off is that modifying an element requires two sstores due to the additional index it needs to keep track of.
Handle
cmichel
Vulnerability details
The
Manager.removeToken
function iterates over all tokens to check for existence of an element in thetokens[_vault]
array.Recommended Mitigation Steps
A more efficient solution would be to use OpenZeppelin's EnumerableSet. It allows iterating (enumerating) over all entries, as well as constant-time existence checks using
contains
, as well as a constant timeremove
function.The trade-off is that modifying an element requires two
sstores
due to the additional index it needs to keep track of.