To remediate the consumption and scale solutions, consider changing LibBasketStorage.basketStorage().inPool and LibCallStorage.callStorage().canCall into a mapping to uint - id, starting with 1 to differentiate from unmapped addresses. This way, deletion and addition of tokens can be achieved in constant time fully on-chain.
bool inPool or bool canCall can be retrieved by checking id != 0.
Handle
Czar102
Vulnerability details
Impact
Iterating through a storage list consumes large amounts of gas.
Proof of Concept
This is relevant to:
CallFacet::removeCaller(...)BasketFacet::removeToken(...)Recommended Mitigation Steps
To remediate the consumption and scale solutions, consider changing
LibBasketStorage.basketStorage().inPoolandLibCallStorage.callStorage().canCallinto a mapping touint- id, starting with 1 to differentiate from unmapped addresses. This way, deletion and addition of tokens can be achieved in constant time fully on-chain.bool inPoolorbool canCallcan be retrieved by checkingid != 0.