`claim` can run out of gas

[code423n4]

Lines of code

https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/Quest.sol#L104

Vulnerability details

Impact

If the claim function runs out of gas, the caller can never claim any rewards without transferring the nfts to another address first

Proof of Concept

Currently, the claim function loops over the msg.senders NFT's. If this list ever becomes too large, the function will run out of gas.

Tools Used

VSCode

Recommended Mitigation Steps

Consider implementing pagination for reward claiming.

[c4-judge]

kirk-baird marked the issue as duplicate of #135

[c4-judge]

kirk-baird marked the issue as satisfactory