There are several loops in the contract which can eventually grow so large as to make future operations of the contract cost too much gas to fit in a block. Specifically, in contract TwapOracle there is no upper boundary on how many pairs can be registered (function registerPair). Functions update and consult iterate over all the pairs. These functions may become unusable if the pairCount grows so large that the execution exceeds the block gas limit, consumes all the gas provided, and fails.
Recommended Mitigation Steps
Consider either introducing a reasonable limit or adding a removal function that can be used in an emergency case like this.
SamSteinGG
commented
3 years ago
Handle
pauliax
Vulnerability details
Impact
There are several loops in the contract which can eventually grow so large as to make future operations of the contract cost too much gas to fit in a block. Specifically, in contract TwapOracle there is no upper boundary on how many pairs can be registered (function registerPair). Functions update and consult iterate over all the pairs. These functions may become unusable if the pairCount grows so large that the execution exceeds the block gas limit, consumes all the gas provided, and fails.
Recommended Mitigation Steps
Consider either introducing a reasonable limit or adding a removal function that can be used in an emergency case like this.