code-423n4 / 2022-05-rubicon-findings


Upgraded Q -> M from 310 [1656347065145] #515

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Judge has assessed an item in Issue #310 as Medium risk. The relevant finding follows:

HickupHH3 commented 2 years ago

There's no way to remove a bonus token from the list

The security concern here is that distributeBonusTokenRewards could revert because of an Out of Gas exception, and there's no way to reduce the size of the bonusTokens array, which can only be incremented by setBonusToken.

There's no way to remove a malicious token that has been added to the bonusTokens array by setBonusToken

distributeBonusTokenRewards could revert because of Out of Gas

distributeBonusTokenRewards has a for loop on bonusTokens, which is an unbounded array. This could lead to an Out of Gas revert.

dup of #249
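One way to close the gap described in the finding, as an added Solidity example that is not part of the original issue and is not Rubicon's code: the list gets a hard cap, duplicate protection and an O(1) removal path. Only the names bonusTokens, setBonusToken and distributeBonusTokenRewards come from the finding; the contract name, admin role, cap value, removeBonusToken and the function signatures are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical minimal token interface used only by this example.
interface IERC20Min {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Added illustration; names other than bonusTokens, setBonusToken and
// distributeBonusTokenRewards are assumed, not taken from the audited code.
contract BonusTokenListExample {
    uint256 public constant MAX_BONUS_TOKENS = 16; // assumed cap
    address public admin;
    address[] public bonusTokens;
    mapping(address => uint256) private indexPlusOne; // 0 means "not listed"

    modifier onlyAdmin() {
        require(msg.sender == admin, "not admin");
        _;
    }

    constructor() {
        admin = msg.sender;
    }

    // Capped and de-duplicated, so the array cannot grow without limit.
    function setBonusToken(address token) external onlyAdmin {
        require(token != address(0), "zero address");
        require(indexPlusOne[token] == 0, "already listed");
        require(bonusTokens.length < MAX_BONUS_TOKENS, "list full");
        bonusTokens.push(token);
        indexPlusOne[token] = bonusTokens.length;
    }

    // Swap-and-pop removal: lets the admin drop a bad token in constant gas.
    function removeBonusToken(address token) external onlyAdmin {
        uint256 idx = indexPlusOne[token];
        require(idx != 0, "not listed");
        address last = bonusTokens[bonusTokens.length - 1];
        bonusTokens[idx - 1] = last;   // move last entry into the freed slot
        indexPlusOne[last] = idx;
        delete indexPlusOne[token];    // also correct when token == last
        bonusTokens.pop();
    }

    // Iteration count is now at most MAX_BONUS_TOKENS; the gas used inside
    // each token's transfer still depends on that token's own code.
    function distributeBonusTokenRewards(address to, uint256 amount) external onlyAdmin {
        uint256 n = bonusTokens.length;
        for (uint256 i = 0; i < n; ++i) {
            require(IERC20Min(bonusTokens[i]).transfer(to, amount), "transfer failed");
        }
    }
}
```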