Severity: Low

Files Affected

• cadence/contracts/FlowYieldVaultsEVM.cdc

Description

The yieldVaultsByEVMAddress mapping stores unbounded arrays of YieldVault IDs per user. Closing a vault uses firstIndex(of:) which is O(n). Users with many vaults experience increased costs.

This is self-inflicted; attackers cannot force growth of another user's array.

Recommendation

Consider O(1) removal using swap-and-pop pattern for power users.

Parent Issue: #15