diff --git a/contracts/DebtLocker.sol b/contracts/DebtLocker.sol index ea864d6..cbca0fd 100644 --- a/contracts/DebtLocker.sol +++ b/contracts/DebtLocker.sol @@ -82,7 +82,8 @@ contract DebtLocker is IDebtLocker, DebtLockerStorage, MapleProxied { } function setAllowedSlippage(uint256 allowedSlippage_) external override whenProtocolNotPaused { - require(msg.sender == _getPoolDelegate(), "DL:SAS:NOT_PD"); + require(msg.sender == _getPoolDelegate(), "DL:SAS:NOT_PD"); + require(allowedSlippage_ <= uint256(10_000), "DL:SAS:INVALID_SLIPPAGE"); emit AllowedSlippageSet(_allowedSlippage = allowedSlippage_); } diff --git a/contracts/test/DebtLocker.t.sol b/contracts/test/DebtLocker.t.sol index d235741..9948487 100644 --- a/contracts/test/DebtLocker.t.sol +++ b/contracts/test/DebtLocker.t.sol @@ -726,6 +726,19 @@ contract DebtLockerTests is TestUtils { pool.triggerDefault(address(debtLocker)); } + /******************************/ + /*** Input Validation Tests ***/ + /******************************/ + + function test_setAllowedSlippage_invalidSlippage() external { + MapleLoan loan = _createLoan(1_000_000, 30_000); + + DebtLocker debtLocker = DebtLocker(pool.createDebtLocker(address(dlFactory), address(loan))); + + assertTrue(!poolDelegate.try_debtLocker_setAllowedSlippage(address(debtLocker), 10_001)); + assertTrue( poolDelegate.try_debtLocker_setAllowedSlippage(address(debtLocker), 10_000)); + } + /***********************/ /*** Refinance Tests ***/ /***********************/