Zaros Part 2
Perpetuals DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: medium
Invalid

Denial of Service (DoS) in distributeProtocolAssetReward Function

Summary
The distributeProtocolAssetReward function in the MarketMakingEngineConfiguration.sol contract loops over every entry of the protocolFeeRecipients map with no upper bound. Gas cost therefore grows linearly with the number of fee recipients, and once the set is large enough the call exceeds the block gas limit and reverts, which is a Denial of Service (DoS) against reward distribution.

Vulnerability Details

The issue is located in the following code snippet:
https://github.com/Cyfrin/2025-01-zaros-part-2/blob/39e33b2f6b3890573bb1affc41a7e520277ceb2c/src/market-making/leaves/MarketMakingEngineConfiguration.sol#L60-L89

The function iterates over all entries in the protocolFeeRecipients map without any bound on the number of iterations. Because the set of recipients is stored on-chain and can grow, a sufficiently large set makes the loop consume more gas than a single transaction can spend, and the call fails.

Impact
Once the recipient set is large enough, every call to distributeProtocolAssetReward reverts, so protocol rewards can no longer be distributed. Users and the protocol itself are denied an essential operation for as long as the recipient set stays above the size the loop can process.

Tools Used
Manual review

Recommendations
To mitigate this issue, use the pull-over-push pattern and add offset and limit parameters to distributeProtocolAssetReward so that iteration over the protocolFeeRecipients map is bounded per call. Concretely:

  1. Add offset and limit parameters to the function signature.

  2. Modify the loop to iterate only over the range [offset, offset + limit), clamped to the size of the map, so that each call does a bounded amount of work and the full set can be processed across several transactions.
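The following is an added example, not Zaros code and not part of the submission, that puts the unbounded push loop described above next to a bounded, pull-over-push alternative. The `recipients` array, the `shares` mapping and every function name are hypothetical stand-ins for Zaros's protocolFeeRecipients storage and distributeProtocolAssetReward signature, which live in the linked source. The bounded variant keeps its own cursor per queued distribution rather than taking a caller-supplied offset, so a batch can be neither skipped nor credited twice; the `limit` parameter is what keeps gas per call bounded.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 surface this example needs, declared inline so the file compiles on its own.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

/// Added illustration, not Zaros code. `recipients` and `shares` are a hypothetical
/// stand-in for the protocolFeeRecipients map; every function name is likewise made up.
contract FeeDistributionExample {
    address public immutable owner;
    address[] public recipients;
    mapping(address => uint256) public shares;  // weight of each recipient
    uint256 public totalShares;

    // Pull-over-push ledger: asset => recipient => amount credited but not yet claimed.
    mapping(address => mapping(address => uint256)) public claimable;

    struct Distribution {
        address asset;
        uint256 amount;
        uint256 totalSharesSnapshot; // frozen when queued so every batch uses the same denominator
        uint256 cursor;              // index of the next recipient to credit
    }
    Distribution[] public distributions;
    uint256 public inFlight;         // distributions queued but not yet fully processed

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Recipient changes are blocked while a batch is mid-way so the index range stays stable.
    // Removal is omitted to keep the example short.
    function setRecipient(address recipient, uint256 share) external onlyOwner {
        require(share > 0, "share must be > 0");
        require(inFlight == 0, "distribution in progress");
        if (shares[recipient] == 0) recipients.push(recipient);
        totalShares = totalShares - shares[recipient] + share;
        shares[recipient] = share;
    }

    // (a) The push pattern the finding describes: one transaction does O(recipients.length)
    // work and O(n) external transfers. Past some set size the call no longer fits in a block
    // and reverts, and a single failing transfer blocks payment to every other recipient.
    function distributeUnbounded(address asset, uint256 amount) external onlyOwner {
        require(IERC20(asset).transferFrom(msg.sender, address(this), amount), "pull failed");
        for (uint256 i = 0; i < recipients.length; i++) {
            address r = recipients[i];
            require(IERC20(asset).transfer(r, (amount * shares[r]) / totalShares), "push failed");
        }
    }

    // (b) Pull-over-push, step 1: take custody of the reward and record it. No iteration here.
    function queueDistribution(address asset, uint256 amount) external onlyOwner returns (uint256 id) {
        require(totalShares > 0, "no recipients");
        require(IERC20(asset).transferFrom(msg.sender, address(this), amount), "pull failed");
        distributions.push(Distribution({asset: asset, amount: amount, totalSharesSnapshot: totalShares, cursor: 0}));
        inFlight++;
        return distributions.length - 1;
    }

    // Step 2: credit at most `limit` recipients per call, resuming from the stored cursor.
    // Anyone may call this, so a keeper can drive it; gas per call is bounded by `limit`.
    // Integer division leaves rounding dust in the contract; it is not lost, just unassigned.
    function processDistribution(uint256 id, uint256 limit) external returns (uint256 nextCursor) {
        Distribution storage d = distributions[id];
        uint256 start = d.cursor;
        require(start < recipients.length, "already complete");
        uint256 end = start + limit;
        if (end > recipients.length) end = recipients.length;
        for (uint256 i = start; i < end; i++) {
            address r = recipients[i];
            claimable[d.asset][r] += (d.amount * shares[r]) / d.totalSharesSnapshot;
        }
        d.cursor = end;
        if (end == recipients.length) inFlight--;
        return end;
    }

    // Step 3: each recipient withdraws its own balance. A recipient that cannot receive
    // tokens only blocks itself, and the ledger is zeroed before the external call.
    function claim(address asset) external returns (uint256 amount) {
        amount = claimable[asset][msg.sender];
        require(amount > 0, "nothing to claim");
        claimable[asset][msg.sender] = 0;
        require(IERC20(asset).transfer(msg.sender, amount), "transfer failed");
    }
}
```

A typical flow is queueDistribution once, then processDistribution(id, limit) repeatedly until it reports a cursor equal to recipients.length, after which each recipient calls claim. Freezing totalShares at queue time and blocking recipient edits while a distribution is in flight are what keep the batches consistent with each other; a version that accepts an arbitrary offset from the caller would have to add replay protection on top.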

Updates

Lead Judging Commences

inallhonesty (Lead Judge), 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
