Loops that do not have a fixed number of iterations, for example, loops that depend on storage values, have to be used carefully: Due to the block gas limit, transactions can only consume a certain amount of gas. Either explicitly or just due to normal operation, the number of iterations in a loop can grow beyond the block gas limit which can cause the complete contract to be stalled at a certain point.
Imagine this scenario.
Contract is deployed with 2^256-1 token addresses and price feeds.
Alice then deposits 10 WETH to the contract.
She then decides to redeem the collateral.
redeemCollateral() calls getAccountCollateralValue(address user), which loops through the array of token addresses.
The gas consumed exceeds the block gas limit, causing the transaction to revert.
All funds are now stuck in the contract.
Manual review.
Consider adding an upper bound for the amount of tokens and price feeds that can be added to the contract.
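One way to apply this recommendation, as an added sketch that is not the audited contract's code: the constructor rejects token and price feed lists above a fixed cap, so the loop in getAccountCollateralValue has a known worst case. The contract name, the IPriceFeed interface, the storage layout and the cap value of 16 are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical minimal price feed interface, used only by this example.
interface IPriceFeed {
    function price() external view returns (uint256); // assumed 18-decimal price
}

contract BoundedCollateral {
    error LengthMismatch();
    error TooManyCollateralTokens(uint256 given, uint256 max);

    // Assumed cap: choose it so the worst-case loop stays far below the block gas limit.
    uint256 public constant MAX_COLLATERAL_TOKENS = 16;

    address[] private s_collateralTokens;
    mapping(address => address) private s_priceFeeds;
    // Written by deposit/redeem logic, which is outside the scope of this sketch.
    mapping(address => mapping(address => uint256)) private s_deposits;

    constructor(address[] memory tokens, address[] memory feeds) {
        if (tokens.length != feeds.length) revert LengthMismatch();
        // Upper bound enforced once, at deployment, before anything is stored.
        if (tokens.length > MAX_COLLATERAL_TOKENS) {
            revert TooManyCollateralTokens(tokens.length, MAX_COLLATERAL_TOKENS);
        }
        for (uint256 i = 0; i < tokens.length; i++) {
            s_priceFeeds[tokens[i]] = feeds[i];
            s_collateralTokens.push(tokens[i]);
        }
    }

    // At most MAX_COLLATERAL_TOKENS iterations, so gas use has a fixed ceiling.
    function getAccountCollateralValue(address user) public view returns (uint256 total) {
        uint256 n = s_collateralTokens.length; // read the length from storage once
        for (uint256 i = 0; i < n; i++) {
            address token = s_collateralTokens[i];
            uint256 amount = s_deposits[user][token];
            if (amount == 0) continue; // skip the external call for tokens not held
            total += (amount * IPriceFeed(s_priceFeeds[token]).price()) / 1e18;
        }
    }
}
```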