[PDE-251] [Fix] ottersec advisory check issues

[ungaro]

What's new in this PR?

1. accrueYield iterates through potentially all of YieldDistributionTokenStorage::deposits to calculate the amount of yield a user is owed. there’s a hacky gasleft to break out of the loop, but it seems unstable and creates a dependency on gas costs. importantly, it also means that the yield might not be fully up to date after accrueYield, creating a strange edgecase. can you use a more traditional yield per token model to calculate the amount of yield owed?
   Using yield per token model now.

2. do you expect AssetTokenStorage::{whitelist, holders} to ever contain a non-trivial amount of addresses?
   removed arrays and loops, added events so they can be indexed

some other general questions:

1. what’s the intention of using the from.call(abi.encodeWithSelector(…)) pattern? why not just cast from to ISmartWallet and do the function call directly?
   The Solidity compiler adds a check that the target address has extcodesize > 0 and otherwise reverts for high-level calls, so we have to use a low-level call here

2. is there sample code using _notifyRedeem and _notifyDeposit? the example USDT.sol doesn’t use these functions, and they seem unused throughout the rest of the codebase

3. it seems like whitelist isn’t used anywhere in the code. would it make sense to use.
   removed whitelist array

[eyqs]

Is this file severely out of date?

[ungaro]

check
#91
#54
#67 (deleted, keeping here for comments)
#129 (new 67)

[eyqs]

Discussed offline - better to make the smart contract smaller and rely on offchain event indexing.

[eyqs]

LGTM