[L-1]Gas Consumption and Loop Risk in _obtain_price_params function
Summary
The for loop in the _obtain_price_params function from ScrvusdOracleV2.vy contract , has been identified as potential cause of excessive gas consumption and unintended loop execution. The loop iterates over a range defined by number_of_periods and MAX_V2_DURATION.
MAX_V2_DURATION is the total number of months (48 months), which is equivalent to 4 years. In the context of the _obtain_price_params function, it seems that the loop will run up to 48 months based on the value of number_of_periods, unless it's limited by the MAX_V2_DURATION
Recommendations
The range function typically needs a starting and ending value, and the way bound is used is not a standard Vyper function. Instead, use the range(start, stop) syntax. Probably limit the loop to the smaller of number_of_periods and MAX_V2_DURATION.
Consider changing the for loop to this, strictly defining boundaries:
Lead Judging Commences
[invalid] finding-incorrect-loop-bound
Invalid, `bound` here has a different meaning from Python's `range(a, b)`. It is a bound of maximum iterations, meaning the loop will only go to the bounded `MAX_V2_DURATION` when `number_of_periods >= MAX_V2_DURATION`
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.