Unbounded iteration over validators array

[code423n4]

Handle

cmichel

Vulnerability details

The getValidatorsDetails function iterates over all validatorsN elements.

The same happens for other view functions like getDelegatorDetails.

Impact

The transactions can fail if used by another smart contract on-chain. This happens in case the number of validators gets too large and the transaction would consume more gas than the block limit. It will also cost a lot of gas as the entire validator set is always fetched.

Recommended Mitigation Steps

Consider pagination for the view functions by adding startIndex, count parameters that read the array from index startIndex and read only count many elements.

[kitti-katy]

The getters weren't designed to be called in any transactions, but agreed, if an external contract will use it, it might fail. Right now we have only 10 validators who are whitelisted. In the upgraded version, there will be no whitelist and anyone would be able to become a validator. The current list is small enough, and we will handle the getters in the next contract version.

[GalloDaSballo]

Agree with the finding, the function can fail given certain conditions

Am ok with a nofix