function validateWeights(address[] memory _tokens, uint256[] memory _weights) public override pure {
require(_tokens.length == _weights.length);
uint256 length = _tokens.length;
address[] memory tokenList = new address[](length);
// check uniqueness of tokens and not token(0)
for (uint i = 0; i < length; i++) {
require(_tokens[i] != address(0));
require(_weights[i] > 0);
for (uint256 x = 0; x < tokenList.length; x++) {
require(_tokens[i] != tokenList[x]);
}
tokenList[i] = _tokens[i];
}
}
for (uint256 x = 0; x < tokenList.length; x++) can be change to for (uint256 x = 0; x < i; x++) because the value of tokenList[i] has not been set yet.
Handle
WatchPug
Vulnerability details
https://github.com/code-423n4/2021-09-defiProtocol/blob/main/contracts/contracts/Basket.sol#L64-L68
for (uint256 x = 0; x < tokenList.length; x++)
can be change tofor (uint256 x = 0; x < i; x++)
because the value oftokenList[i]
has not been set yet.