@@ -95,23 +95,27 @@ contract ReferenceAssertions is
9595
9696 /**
9797 * @dev Internal pure function to validate calldata offsets for dynamic
98- * types in BasicOrderParameters. This ensures that functions using the
99- * calldata object normally will be using the same data as optimized
100- * functions. Note that no parameters are supplied as all basic order
101- * functions use the same calldata encoding.
98+ * types in BasicOrderParameters and other parameters. This ensures
99+ * that functions using the calldata object normally will be using the
100+ * same data as the assembly functions and that values that are bound
101+ * to a given range are within that range. Note that no parameters are
102+ * supplied as all basic order functions use the same calldata
103+ * encoding.
102104 */
103- function _assertValidBasicOrderParameterOffsets () internal pure {
105+ function _assertValidBasicOrderParameters () internal pure {
104106 /*
105107 * Checks:
106108 * 1. Order parameters struct offset == 0x20
107109 * 2. Additional recipients arr offset == 0x200
108110 * 3. Signature offset == 0x240 + (recipients.length * 0x40)
111+ * 4. BasicOrderType between 0 and 23 (i.e. < 24)
109112 */
110113 // Declare a boolean designating basic order parameter offset validity.
111114 bool validOffsets = (abi.decode (msg .data [4 :36 ], (uint256 )) == 32 &&
112115 abi.decode (msg .data [548 :580 ], (uint256 )) == 576 &&
113116 abi.decode (msg .data [580 :612 ], (uint256 )) ==
114- 608 + 64 * abi.decode (msg .data [612 :644 ], (uint256 )));
117+ 608 + 64 * abi.decode (msg .data [612 :644 ], (uint256 ))) &&
118+ abi.decode (msg .data [292 :324 ], (uint256 )) < 24 ;
115119
116120 // Revert with an error if basic order parameter offsets are invalid.
117121 if (! validOffsets) {
0 commit comments