From cbdcc31433c6a5c83e7700fa0d9f777e371f0c29 Mon Sep 17 00:00:00 2001
From: Hadrien Croubois <hadrien.croubois@gmail.com>
Date: Thu, 27 Jan 2022 22:05:45 +0100
Subject: [PATCH] fix a vulnerability to illformed events

---
 src/datasources/erc1155.ts | 29 ++++++++++++++++++-----------
 1 file changed, 18 insertions(+), 11 deletions(-)

diff --git a/src/datasources/erc1155.ts b/src/datasources/erc1155.ts
index d258230..eabfc97 100644
--- a/src/datasources/erc1155.ts
+++ b/src/datasources/erc1155.ts
@@ -119,18 +119,25 @@ export function handleTransferBatch(event: TransferBatchEvent): void
 
 	let ids    = event.params.ids
 	let values = event.params.values
-	for (let i = 0;  i < ids.length; ++i)
+
+	// If this equality doesn't hold (some devs actually don't follox the ERC specifications) then we just can't make
+	// sens of what is happening. Don't try to make something out of stupid code, and just throw the event. This
+	// contract doesn't follow the standard anyway.
+	if(ids.length == values.length)
 	{
-		registerTransfer(
-			event,
-			"/".concat(i.toString()),
-			contract,
-			operator,
-			from,
-			to,
-			ids[i],
-			values[i]
-		)
+		for (let i = 0;  i < ids.length; ++i)
+		{
+			registerTransfer(
+				event,
+				"/".concat(i.toString()),
+				contract,
+				operator,
+				from,
+				to,
+				ids[i],
+				values[i]
+			)
+		}
 	}
 }