Part 2

Zaros
Perpetuals, DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: low
Invalid

OOG

Nested loop potentially resulting in OOG

The Vault.recalculateVaultsCreditCapacity function is called throughout the codebase. In some cases it receives a single vault inside an array, but in other cases it receives an array of several vaults.

The issue is that the vaults are iterated together with their connected markets (the connected markets are iterated in _recalculateConnectedMarketsState, which is called by recalculateVaultsCreditCapacity).

Since this results in a nested loop, an out-of-gas (OOG) scenario is plausible.

Impact

An OOG in Vault.recalculateVaultsCreditCapacity would result in a massive DDoS of the system, since this function gets called frequently in the codebase.

Recommendation

Consider adding a limit on the max number of vaults and connected markets per vault, and also allow vaults and connected markets to be deleted.

Pagination would be an ideal approach, but it's tricky since the updates need to be made in one tx.
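A sketch of the recommendation above, as an added example that is not Zaros code and not part of the original submission: both loop dimensions are capped and connected markets can be removed in O(1), so the worst-case iteration count of the nested loop is a known constant. The contract name, function names, error names and the two limits are assumptions chosen for illustration, and access control is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical sketch, not Zaros code. Worst case: 16 * 32 = 512 inner iterations.
contract BoundedVaultRegistry {
    uint256 public constant MAX_VAULTS_PER_CALL = 16;   // assumed limit
    uint256 public constant MAX_MARKETS_PER_VAULT = 32; // assumed limit

    // vaultId => connected market ids (outer loop: vaults, inner loop: markets)
    mapping(uint128 => uint128[]) private connectedMarkets;
    // vaultId => marketId => index + 1 in connectedMarkets (0 = not connected)
    mapping(uint128 => mapping(uint128 => uint256)) private marketSlot;

    error TooManyVaults(uint256 given);
    error TooManyMarkets(uint128 vaultId);
    error AlreadyConnected(uint128 vaultId, uint128 marketId);
    error NotConnected(uint128 vaultId, uint128 marketId);

    // Assumption: a real system would restrict who may call the two setters.
    function connectMarket(uint128 vaultId, uint128 marketId) external {
        if (marketSlot[vaultId][marketId] != 0) revert AlreadyConnected(vaultId, marketId);
        uint128[] storage markets = connectedMarkets[vaultId];
        if (markets.length >= MAX_MARKETS_PER_VAULT) revert TooManyMarkets(vaultId);
        markets.push(marketId);
        marketSlot[vaultId][marketId] = markets.length;
    }

    function disconnectMarket(uint128 vaultId, uint128 marketId) external {
        uint256 slot = marketSlot[vaultId][marketId];
        if (slot == 0) revert NotConnected(vaultId, marketId);
        uint128[] storage markets = connectedMarkets[vaultId];
        uint128 last = markets[markets.length - 1];
        markets[slot - 1] = last;          // swap-and-pop: O(1) removal
        marketSlot[vaultId][last] = slot;  // moved element keeps a valid slot
        markets.pop();
        delete marketSlot[vaultId][marketId];
    }

    /// Rejects oversized batches up front instead of running out of gas mid-loop.
    function recalculate(uint128[] calldata vaultIds) external returns (uint256 visited) {
        if (vaultIds.length > MAX_VAULTS_PER_CALL) revert TooManyVaults(vaultIds.length);
        for (uint256 i = 0; i < vaultIds.length; i++) {
            uint128[] storage markets = connectedMarkets[vaultIds[i]];
            for (uint256 j = 0; j < markets.length; j++) {
                visited++; // stands in for the per-market state update
            }
        }
    }
}
```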

Slippage protection

Consider adding slippage protection for debt and credit swap calculations in CreditDelegation. An ideal approach would be to check the price of an asset using Chainlink to prevent low amounts being received in times of market volatility. Currently it checks for zero, but the returned amount could, for example, be 1 wei.

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
