fix: RSV-03 | Missing Input Validation

VenusProtocol · Feb 6, 2025 · c8a5a08 · c8a5a08
1 parent c1a39c1
commit c8a5a08
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 4 deletions.
diff --git a/contracts/RiskSteward/MarketCapsRiskSteward.sol b/contracts/RiskSteward/MarketCapsRiskSteward.sol
@@ -105,7 +105,7 @@ contract MarketCapsRiskSteward is IRiskSteward, AccessControlledV8 {
      */
     function initialize(address accessControlManager_, uint256 maxDeltaBps_) external initializer {
         __AccessControlled_init(accessControlManager_);
-        if (maxDeltaBps_ == 0) {
+        if (maxDeltaBps_ == 0 || maxDeltaBps_ > MAX_BPS) {
             revert InvalidMaxDeltaBps();
         }
         maxDeltaBps = maxDeltaBps_;
@@ -120,7 +120,7 @@ contract MarketCapsRiskSteward is IRiskSteward, AccessControlledV8 {
      */
     function setMaxDeltaBps(uint256 maxDeltaBps_) external {
         _checkAccessAllowed("setMaxDeltaBps(uint256)");
-        if (maxDeltaBps_ == 0) {
+        if (maxDeltaBps_ == 0 || maxDeltaBps_ > MAX_BPS) {
             revert InvalidMaxDeltaBps();
         }
         emit MaxDeltaBpsUpdated(maxDeltaBps, maxDeltaBps_);

diff --git a/contracts/RiskSteward/RiskStewardReceiver.sol b/contracts/RiskSteward/RiskStewardReceiver.sol
@@ -150,7 +150,7 @@ contract RiskStewardReceiver is IRiskStewardReceiver, PausableUpgradeable, Acces
         if (Strings.equal(updateType, "")) {
             revert UnsupportedUpdateType();
         }
-        if (debounce == 0) {
+        if (debounce == 0 || debounce > UPDATE_EXPIRATION_TIME) {
             revert InvalidDebounce();
         }
         RiskParamConfig memory previousConfig = riskParameterConfigs[updateType];

diff --git a/tests/RiskSteward/RiskStewardReceiver.ts b/tests/RiskSteward/RiskStewardReceiver.ts
@@ -20,7 +20,7 @@ const parseUnitsToHex = (value: number) => {
   return ethers.utils.hexZeroPad(hexValue(BigNumber.from(parseUnits(value.toString(), 18))), 32);
 };
 
-describe("Risk Steward", async function () {
+describe.only("Risk Steward", async function () {
   let deployer: SignerWithAddress,
     signer1: SignerWithAddress,
     mockRiskOracle: MockRiskOracle,
@@ -237,9 +237,19 @@ describe("Risk Steward", async function () {
       ).to.be.rejectedWith("InvalidDebounce");
     });
 
+    it("should revert if debounce is greater than UPDATE_EXPIRATION_TIME", async function () {
+      await expect(
+        riskStewardReceiver.setRiskParameterConfig("supplyCap", marketCapsRiskSteward.address, 60 * 60 * 24 + 1),
+      ).to.be.rejectedWith("InvalidDebounce");
+    });
+
     it("should revert if maxDeltaBps is 0", async function () {
       await expect(marketCapsRiskSteward.setMaxDeltaBps(0)).to.be.rejectedWith("InvalidMaxDeltaBps");
     });
+
+    it("should revert if maxDeltaBps is 10000 or greater", async function () {
+      await expect(marketCapsRiskSteward.setMaxDeltaBps(10001)).to.be.rejectedWith("InvalidMaxDeltaBps");
+    });
   });
 
   describe("Risk Steward Pause", async function () {