Unbounded array in ```TokenManager::updateTokenWhiteListed``` prevent to update the Token WhiteList
Summary
The TokenManager::updateTokenWhiteListed is designed to update the whitelist status of a dynamic list of ERC20 tokens. This function accepts an array of token addresses and a boolean indicating whether these tokens should be added to or removed from the whitelist. Due to the nature of blockchain transactions and the inherent gas costs associated with state changes, processing a large number of tokens in a single transaction may lead to issues related to the block gas limit.
Vulnerability Details
The TokenManager::updateTokenWhiteListed function iterates over an unbounded array of token addresses, performing state-changing operations for each token. If the array is sufficiently large, the total gas required to execute the function could exceed the block gas limit, causing the transaction to fail.
Impact
This vulnerability can prevent the successful execution of transactions intended to update the whitelist status of a large number of tokens at once.
Tools Used
Manual review
Recommendations
Introduce a mechanism to limit the number of tokens that can be updated in a single transaction.
Lead Judging Commences
[invalid] finding-Admin-Errors-Malicious
The following issues and its duplicates are invalid as admin errors/input validation/malicious intents are1 generally considered invalid based on [codehawks guidelines](https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity#findings-that-may-be-invalid). If they deploy/set inputs of the contracts appropriately, there will be no issue. Additionally admins are trusted as noted in READ.ME they can break certain assumption of the code based on their actions, and
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.