Summary

The loop iteration in the _withdrawTokens function may not have a well-defined upper bound, potentially leading to excessive gas consumption or out-of-gas errors.

Vulnerability Details

The loop iterates over the stems array, potentially causing gas exhaustion if the array is very large. The loop's termination condition relies on the number of stems and the maxTokens value. However, if the condition (i < stems.length) && (a.active.tokens < maxTokens) is not carefully controlled, it may lead to unexpected gas consumption.

Impact

When the length of the stem becomes exhaustively long, the gas price required to loop over all of it may become too high and unaffordable. This could result in transactions failing due to out-of-gas errors or significantly increased gas costs for users.

Tools Used

Manual

Recommendations

Ensure that the loop iteration is bounded by a well-defined upper limit to prevent gas exhaustion. Consider limiting the number of iterations or implementing pagination for large arrays.