From 610393fb007be103f2e8d0f3b80a2a78e0f4f05a Mon Sep 17 00:00:00 2001
From: nxqbao
Date: Mon, 16 Oct 2023 14:24:36 +0700
Subject: [PATCH] fix: validate withdrawal id in gateway
---
 contracts/ronin/gateway/RoninGatewayV3.sol | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/contracts/ronin/gateway/RoninGatewayV3.sol b/contracts/ronin/gateway/RoninGatewayV3.sol
index aa6adcebc..6e5da2410 100644
--- a/contracts/ronin/gateway/RoninGatewayV3.sol
+++ b/contracts/ronin/gateway/RoninGatewayV3.sol
@@ -266,6 +266,11 @@ contract RoninGatewayV3 is
 IBridgeTracking _bridgeTrackingContract = IBridgeTracking(getContract(ContractType.BRIDGE_TRACKING));
 for (uint256 _i; _i < withdrawals.length; ) {
 id = withdrawals[_i];
+
+ if (id == 0 || id > withdrawalCount) {
+ revert ErrInvalidRequest();
+ }
+
 _withdrawalSig[id][operator] = signatures[_i];
 _bridgeTrackingContract.recordVote(IBridgeTracking.VoteKind.Withdrawal, id, operator);
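Review bot: The bound in the added `if (id == 0 || id > withdrawalCount)` check depends on how withdrawal ids are allocated, which this hunk does not show. An off-by-one here would either reject a real withdrawal or let the `_withdrawalSig[id][operator]` write and the `recordVote` call proceed for an id that has no receipt yet. If ids are assigned with a post-increment of `withdrawalCount` (first id 0, last id `withdrawalCount - 1`), the guard should be `if (id >= withdrawalCount) revert ErrInvalidRequest();`; if ids are one-based the current form is right, and a one-line comment such as `// withdrawal ids are 1-based; withdrawalCount is the last issued id` would make that explicit. The diffstat lists only the contract file, so boundary tests for ids 0, `withdrawalCount` and `withdrawalCount + 1` are worth adding alongside this change. The loop and its enclosing function continue outside the hunk.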