Open code423n4 opened 1 year ago
The mitigation puts the original assetRegistry.toAsset try catch block in the beginning loop. So that, only the registered coll asset can be saved in the erc20sAll / collsAll / refAmtsAll array:
assetRegistry.toAsset
try assetRegistry.toAsset(b.erc20s[j]) returns (IAsset asset) { if (!asset.isCollateral()) continue; // skip token if not collateral erc20sAll[len] = b.erc20s[j]; collsAll[len] = ICollateral(address(asset)); {ref} = {1} * {ref} refAmtsAll[len] = amt; ++len; }
The quoteCustomRedemption function won't revert because of array index out-of-bonds.
quoteCustomRedemption
0xean marked the issue as satisfactory
0xean marked the issue as confirmed for report
Lines of code
Vulnerability details
Comments
The mitigation puts the original
assetRegistry.toAsset
try catch block in the beginning loop. So that, only the registered coll asset can be saved in the erc20sAll / collsAll / refAmtsAll array:The
quoteCustomRedemption
function won't revert because of array index out-of-bonds.