hats-finance / illuminex-0x0bb4aa1f58719707405c231fcdf0b405714799cf


Possible DOS in `startOutgoingTxSerializing()` #8

Open hats-bug-reporter[bot] opened 3 weeks ago

hats-bug-reporter[bot] commented 3 weeks ago

Github username: --
Twitter username: --
Submission hash (on-chain): 0xbb704fa46a101f03e21d390f5d3d219ed52b972d85b338f57454a1750d675a5b
Severity: medium

Description: The relayer-restricted function `startOutgoingTxSerializing()` can be DoS'd if there are enough withdraw transactions that they would consume the `block.gaslimit` in `startOutgoingTxSerializing` -> `popBufferedTransfersToBatch`. This can be either unintentional or intentional, with an attacker blocking this mechanism by spam-withdrawing the `minWithdrawalLimit`. Note that tx fees are very cheap on Oasis Sapphire, so this attack could be feasible. The root of the issue is that there is no upper limit on the queue, which means it can be infinitely large.

Recommendation: Consider mitigating this issue by setting an upper bound on the queue.

kill-bugs commented 2 weeks ago

There is a `maxTransfersPerBatch` variable check that limits it to a max of 5 txs in `getBufferedTransfersToBatch()`, therefore I think this is invalid.
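The two patterns the report and the reply talk about, as an added Solidity illustration that is not illumineX's code (the contract, struct, function and variable names here are assumed for the example): an unbounded drain whose gas cost grows with queue length, next to a per-call cap of the kind the reply describes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical illustration only; names are assumed, not the project's own.
contract BufferedQueue {
    struct Transfer { address to; uint256 amount; }

    Transfer[] private buffer;          // pending withdrawals, appended by users
    uint256 private head;               // index of the oldest unprocessed entry
    uint256 public maxTransfersPerBatch = 5;
    address public relayer;

    constructor(address _relayer) { relayer = _relayer; }

    // Anyone can enqueue; the buffer itself has no upper bound.
    function enqueue(address to) external payable {
        buffer.push(Transfer(to, msg.value));
    }

    // Pattern the report warns about: drains the whole queue in one call,
    // so gas grows linearly with queue length and the call eventually
    // cannot fit in block.gaslimit, blocking the relayer entirely.
    function popAllUnbounded() external returns (Transfer[] memory batch) {
        require(msg.sender == relayer, "not relayer");
        uint256 n = buffer.length - head;
        batch = new Transfer[](n);
        for (uint256 i = 0; i < n; i++) {
            batch[i] = buffer[head + i];
        }
        head += n;
    }

    // Bounded variant in the spirit of the reply: at most maxTransfersPerBatch
    // entries are popped per call, so the gas cost per call is constant no
    // matter how many withdrawals are queued; the queue is drained over
    // several calls instead of one.
    function popBufferedTransfersToBatch() external returns (Transfer[] memory batch) {
        require(msg.sender == relayer, "not relayer");
        uint256 pending = buffer.length - head;
        uint256 n = pending < maxTransfersPerBatch ? pending : maxTransfersPerBatch;
        batch = new Transfer[](n);
        for (uint256 i = 0; i < n; i++) {
            batch[i] = buffer[head + i];
            delete buffer[head + i];    // refund storage gas for the consumed slot
        }
        head += n;
    }
}
```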