audit: fix fungible token overflow

DCDEIE · Jun 2, 2021 · 9b2e34d · 9b2e34d
1 parent c58a18e
commit 9b2e34d
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/contracts/contracts/ZkSync.sol b/contracts/contracts/ZkSync.sol
@@ -497,9 +497,13 @@ contract ZkSync is UpgradeableMaster, Storage, Config, Events, ReentrancyGuard {
 
             if (opType == Operations.OpType.PartialExit) {
                 Operations.PartialExit memory op = Operations.readPartialExitPubdata(pubData);
+
+                require(op.tokenId <= MAX_FUNGIBLE_TOKEN_ID, "mf1");
                 withdrawOrStore(uint16(op.tokenId), op.owner, op.amount);
             } else if (opType == Operations.OpType.ForcedExit) {
                 Operations.ForcedExit memory op = Operations.readForcedExitPubdata(pubData);
+
+                require(op.tokenId <= MAX_FUNGIBLE_TOKEN_ID, "mf1");
                 withdrawOrStore(uint16(op.tokenId), op.target, op.amount);
             } else if (opType == Operations.OpType.FullExit) {
                 Operations.FullExit memory op = Operations.readFullExitPubdata(pubData);