Array indexes may be out of bounds
In the case of the tokens
and amounts
array used in the _swap()
function, no check on their length is performed. There are no restrictions in regards to verifying whether their lengths are equal, as is to be expected.
Due to the nature of how the protocol was built, we recommend checking that their lengths are equal to one another as well as checking that the length of one of them is equal to 2
.
function _swap(
address custodian,
address[] calldata tokens,
uint256[] calldata amounts,
uint64 deadline,
bytes calldata signature
) internal onlyWhitelisted(custodian) returns (bool) {
require(tokens.length == amounts.length, "Array size mismatch");
require(tokens.length == 2, "Array with inadequate size");
// ...
This issue has been properly resolved in commit 3be1183↗.