The redeem function accepts any value that fits in a uint256 as the amount of assetTokens to redeem. The only special case is type(uint256).max, which is replaced with the caller's balance of assetTokens. There is no reason for anyone to try to withdraw more than they hold, and allowing a huge number (possibly less than the max of uint256 but still enough to overflow when the exchange rate is applied) could create problems.
Generally it is better to prevent people from being able to use unexpected inputs in your functions.
Manual review
Add the following check as the second line of the redeem function:
Also add an error ThunderLoan__InsufficientAssetTokens();
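A sketch of such a balance check, as an added example rather than the submission's or the ThunderLoan project's own code. The contract name, the in-contract balance ledger, the fixed exchange rate, the mint helper and the event are assumptions made so the example compiles on its own; only the error name comes from this page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: simplified stand-in for the redeem path, not ThunderLoan's code.
// The balance ledger, exchange rate, mint helper and event are assumptions.
contract RedeemBalanceCheckExample {
    error ThunderLoan__InsufficientAssetTokens();

    event Redeemed(address indexed account, uint256 amountOfAssetToken, uint256 amountUnderlying);

    uint256 public constant EXCHANGE_RATE_PRECISION = 1e18;
    uint256 public exchangeRate = 1e18; // hypothetical starting rate
    mapping(address => uint256) public assetTokenBalance; // stands in for the asset token's balanceOf

    // Helper so the example can be exercised; a real pool mints on deposit only.
    function mintForExample(address to, uint256 amount) external {
        assetTokenBalance[to] += amount;
    }

    function redeem(uint256 amountOfAssetToken) external returns (uint256 amountUnderlying) {
        uint256 balance = assetTokenBalance[msg.sender];

        // Resolve the "redeem everything" sentinel first, so that
        // type(uint256).max is not rejected by the balance check below.
        if (amountOfAssetToken == type(uint256).max) {
            amountOfAssetToken = balance;
        }

        // Reject oversized input before any arithmetic: the caller gets a named
        // error instead of an arithmetic panic from the multiplication.
        if (amountOfAssetToken > balance) {
            revert ThunderLoan__InsufficientAssetTokens();
        }

        // amountOfAssetToken <= balance here, so the product is bounded by
        // balance * exchangeRate.
        amountUnderlying = (amountOfAssetToken * exchangeRate) / EXCHANGE_RATE_PRECISION;

        assetTokenBalance[msg.sender] = balance - amountOfAssetToken;
        emit Redeemed(msg.sender, amountOfAssetToken, amountUnderlying);
    }
}
```

The ordering matters: a balance comparison placed ahead of the type(uint256).max handling would reject the sentinel value for every caller.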