The Harvester.removeStrategy function iterates over all tokens to check for existence of an element in the strategies[_vault].addresses[_vault] array.
Recommended Mitigation Steps
A more efficient solution would be to use OpenZeppelin's EnumerableSet (or EnumerableMap).
It allows iterating (enumerating) over all entries, as well as constant-time existence checks using contains, as well as a constant time remove function.
The trade-off is that modifying an element requires two sstores due to the additional index it needs to keep track of.
Handle
cmichel
Vulnerability details
The
Harvester.removeStrategy
function iterates over all tokens to check for existence of an element in thestrategies[_vault].addresses[_vault]
array.Recommended Mitigation Steps
A more efficient solution would be to use OpenZeppelin's EnumerableSet (or
EnumerableMap
). It allows iterating (enumerating) over all entries, as well as constant-time existence checks usingcontains
, as well as a constant timeremove
function.The trade-off is that modifying an element requires two
sstores
due to the additional index it needs to keep track of.