While Loop in Checkpoints.sol

In https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/utils/Checkpoints.sol , used in https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/governance/utils/Votes.sol there is a while loop in _upperBinaryLookup .

That seems like a potential vulnerability. What if a grief attacker delegates enough times that searching through it in log(n) still exceeds the block gas limit?

Thanks in advance?


This is really not feasible. With 1 million checkpoints gas will not even be 100k gas and with recent optimizations it will be half that. See the benchmarks in this PR:


Okay thank you for the benchmark :slight_smile:
Is there a place where you document all these security considerations for future audits?

Usually in comments to accompany the relevant code. In this case it's not documented...