`Zap.sol#redeem()` Lack of input validation

[code423n4]

Handle

WatchPug

Vulnerability details

token should be validated to make sure the user can get the redeemed tokens.

https://github.com/Badger-Finance/ibbtc/blob/d8b95e8d145eb196ba20033267a9ba43a17be02c/contracts/Zap.sol#L216-L238

function redeem(IERC20 token, uint amount, uint poolId, int128 idx, uint minOut)
    external
    defend
    blockLocked
    whenNotPaused
    returns(uint out)
{
    ibbtc.safeTransferFrom(msg.sender, address(this), amount);

    Pool memory pool = pools[poolId];
    if (poolId < 3) { // setts
        settPeak.redeem(poolId, amount);
        pool.sett.withdrawAll();
        pool.deposit.remove_liquidity_one_coin(pool.lpToken.balanceOf(address(this)), idx, minOut);
    } else if (poolId == 3) { // byvwbtc
        byvWbtcPeak.redeem(amount);
        IbyvWbtc(address(pool.sett)).withdraw(); // withdraws all available
    } else {
        revert("INVALID_POOL_ID");
    }
    out = token.balanceOf(address(this));
    token.safeTransfer(msg.sender, out);
}

[GalloDaSballo]

I agree with the finding, although other wardens proved that the wrong token can cause loss of funds, we will add a slippage check at the end of the function