hats-finance / Catalyst-Exchange-0x3026c1ea29bf1280f99b41934b2cb65d053c9db4


external calls in an un-bounded loop may result in a DOS #17

Open hats-bug-reporter[bot] opened 6 months ago

hats-bug-reporter[bot] commented 6 months ago

Github username: @saidqayoumsadat
Twitter username: saqsadat143
Submission hash (on-chain): 0x8966dd7575376720ff3b24ae6bd9a3c0f86ad7680969532b01ed44d022068a3a
Severity: low

Description: Consider limiting the number of iterations in loops that make external calls.

1. Proof of Concept (PoC) File
file: /src/CatalystFactory.sol

    ERC20(assets[it]).safeTransferFrom(
        msg.sender,
        vault,
        init_balances[it]
    );

https://github.com/catalystdao/catalyst/blob/27b4d0a2bca177aff00def8cd745623bfbf7cb6b/evm/src/CatalystFactory.sol#L88C1-L92C15

file: /src/CatalystVaultAmplified.sol

    uint256 weightAssetBalance = weight * (ERC20(token).balanceOf(address(this)) - _underwriteEscrowMatchBalance0[token]);

https://github.com/catalystdao/catalyst/blob/27b4d0a2bca177aff00def8cd745623bfbf7cb6b/evm/src/CatalystVaultAmplified.sol#L1143C1-L1143C131

file: /src/CatalystVaultAmplified.sol

    wab = FixedPointMathLib.powWad(
        int256((weightAssetBalance - _underwriteEscrowMatchBalance0[token] * weight) * FixedPointMathLib.WAD),  // If casting overflows to a negative number, powWad fails
        oneMinusAmp
    );

https://github.com/catalystdao/catalyst/blob/27b4d0a2bca177aff00def8cd745623bfbf7cb6b/evm/src/CatalystVaultAmplified.sol#L338C24-L341C27

file: /src/CatalystVaultVolatile.sol

    if (minOut[it] > tokenAmount) revert ReturnInsufficient(tokenAmount, minOut[it]);

https://github.com/catalystdao/catalyst/blob/27b4d0a2bca177aff00def8cd745623bfbf7cb6b/evm/src/CatalystVaultVolatile.sol#L452C1-L452C94
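As an added illustration of the mitigation the report proposes (a cap on loop iterations checked before any external call), here is a bounded version of the factory's per-asset transfer loop. This is example code, not Catalyst's own; the contract name, `MAX_ASSETS`, `seedVault` and the use of a plain `IERC20.transferFrom` in place of the project's `safeTransferFrom` wrapper are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal token interface; the project itself goes through a safe-transfer library.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract BoundedDeployExample {
    // Hypothetical cap on how many assets one call may seed into a vault.
    // Any value works for the pattern; it only needs to be well below the block gas limit.
    uint256 public constant MAX_ASSETS = 8;

    error LengthMismatch(uint256 assets, uint256 balances);
    error TooManyAssets(uint256 given, uint256 max);
    error TransferFailed(address asset);

    // Same shape as the flagged loop: one external transferFrom per asset.
    function seedVault(
        address vault,
        address[] calldata assets,
        uint256[] calldata initBalances
    ) external {
        if (assets.length != initBalances.length) {
            revert LengthMismatch(assets.length, initBalances.length);
        }
        // Bound the iteration count up front, before the first external call,
        // so the gas cost of this function has a known ceiling.
        if (assets.length > MAX_ASSETS) {
            revert TooManyAssets(assets.length, MAX_ASSETS);
        }

        for (uint256 it = 0; it < assets.length; ++it) {
            bool ok = IERC20(assets[it]).transferFrom(msg.sender, vault, initBalances[it]);
            if (!ok) revert TransferFailed(assets[it]);
        }
    }
}
```

Because `assets` is supplied by the caller, a call that exceeds the cap reverts cleanly with `TooManyAssets` instead of running until the block gas limit is hit.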

reednaa commented 6 months ago

Propose a fix otherwise non-issue.