updateCheckpointSlotSize() / updateCollateral() does note remove old entries before adding new ones

[hats-bug-reporter[bot]]

Github username: @saidqayoumsadat Submission hash (on-chain): 0xd1fb4bc8c511cebae1c60963c1bf2ad21c027f5b9a0fdd1463c1b05fdf2ea4d2 Severity: low

Description: Description

Each time updateCheckpointSlotSize() / updateCollateral() are called, new entries are added to the array, but doing so does not remove any old entries. By calling the function multiple times, an attacker can can increase their voting power indefinitely, without having to acquire new tokens.

file: /contracts/DappnodeSmoothingPool.sol

623    function updateCheckpointSlotSize(
        uint64 newCheckpointSlotSize
    ) external onlyOwner {
        checkpointSlotSize = newCheckpointSlotSize;
        emit UpdateCheckpointSlotSize(newCheckpointSlotSize);
628    }

https://github.com/hats-finance/Smooth-0x64bc275b37e62eec81a00ecaecd2b9567058f990/blob/3929e24ea288d697d38948b8690c8c2028e5042b/contracts/DappnodeSmoothingPool.sol#L623-L628

file:  /contracts/DappnodeSmoothingPool.sol

635    function updateCollateral(
        uint256 newSubscriptionCollateral
    ) external onlyOwner {
        subscriptionCollateral = newSubscriptionCollateral;
        emit UpdateSubscriptionCollateral(newSubscriptionCollateral);
640    }

https://github.com/hats-finance/Smooth-0x64bc275b37e62eec81a00ecaecd2b9567058f990/blob/3929e24ea288d697d38948b8690c8c2028e5042b/contracts/DappnodeSmoothingPool.sol#L635-L640

[invocamanman]

This does not make sense, there is no array here, or voting power depending on the tokens. I think this is a bot or there's a misunderstanding