Unbounded for loop inside `ERC20PaymentClinet`

[hats-bug-reporter[bot]]

Github username: -- Twitter username: -- Submission hash (on-chain): 0x952f6a513599fde3759060d8644f4778df7a4a984820b6efa90a89e53b2a29a1 Severity: medium

Description: Description\ Payment orders may increase infinitely, if new are added and old are not being collected. The only way to proceess and collected them is "simultaneously" with collectPaymentOrders, which loops trough all orders and copy them in memory. Additionally another loop is done inside PaymentProccessor on the same entries, which transfers the amounts of the different orders to the recipients. This is an open door for OOG issues and even DoS in worst cases if orders happen to be so much.

Attack Scenario\ Read the above explanation

Attachments

1. Proof of Concept (PoC) File

2. Revised Code File (Optional) Introduce a function, which accepts orders num of orders to collect, so it is not an issue that the array can grow infinitely.

[PlamenTSV]

Mentioned in previous audit report. Root cause is the same. https://docs.google.com/document/d/19joDIsfGkIHVBDrdY5GOb9r2wbYv1w2hBDFUTVHF6MM/edit

[0xmahdirostami]

after each _addPaymentOrder, processPayments is called in the current implementation, so no issue here.