I hate to defend kludges, but here we go. The customer paid for fixing the out of bounds issue, the urgent one. So while you seem to be applying good methodology in eliminating magic numbers and named registers, you risked the project beginning a rabbit hole. Timing dependent FPGA code can be fragile and risky to mess with. It's unlikely the customer intended to pay for that.
I hope to one day have some sort of built wisdom or experience where I can foresee these kinds of issues, however I find myself now 6-7 years into a software engineering career and I really don't see these sort of unexpected combinatorial failures happening any less than they used to in my work.