From 3d6220944f81db4ca2488a58b060fe4d63eed87a Mon Sep 17 00:00:00 2001 From: Michael De Luca Date: Sun, 12 Dec 2021 05:38:00 -0500 Subject: [PATCH 1/2] fix: Input validation for `setAllowedSlippage` (c4 #45) --- contracts/DebtLocker.sol | 3 ++- contracts/test/DebtLocker.t.sol | 13 +++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/contracts/DebtLocker.sol b/contracts/DebtLocker.sol index ea864d6..a4d1590 100644 --- a/contracts/DebtLocker.sol +++ b/contracts/DebtLocker.sol @@ -82,7 +82,8 @@ contract DebtLocker is IDebtLocker, DebtLockerStorage, MapleProxied { } function setAllowedSlippage(uint256 allowedSlippage_) external override whenProtocolNotPaused { - require(msg.sender == _getPoolDelegate(), "DL:SAS:NOT_PD"); + require(msg.sender == _getPoolDelegate(), "DL:SAS:NOT_PD"); + require(allowedSlippage_ <= uint256(10000), "DL:SAS:INVALID_SLIPPAGE"); emit AllowedSlippageSet(_allowedSlippage = allowedSlippage_); } diff --git a/contracts/test/DebtLocker.t.sol b/contracts/test/DebtLocker.t.sol index d235741..5208394 100644 --- a/contracts/test/DebtLocker.t.sol +++ b/contracts/test/DebtLocker.t.sol @@ -726,6 +726,19 @@ contract DebtLockerTests is TestUtils { pool.triggerDefault(address(debtLocker)); } + /******************************/ + /*** Input Validation Tests ***/ + /******************************/ + + function test_setAllowedSlippage_invalidSlippage() external { + MapleLoan loan = _createLoan(1_000_000, 30_000); + + DebtLocker debtLocker = DebtLocker(pool.createDebtLocker(address(dlFactory), address(loan))); + + assertTrue(!poolDelegate.try_debtLocker_setAllowedSlippage(address(debtLocker), 10001)); + assertTrue( poolDelegate.try_debtLocker_setAllowedSlippage(address(debtLocker), 10000)); + } + /***********************/ /*** Refinance Tests ***/ /***********************/ From 6970fa2a9e18dc6c7e6b89dfcfa09852e83e9fa3 Mon Sep 17 00:00:00 2001 From: Lucas Manuel Date: Sun, 12 Dec 2021 18:41:31 -0500 Subject: [PATCH 2/2] fix: use underscore syntax for 10k --- contracts/DebtLocker.sol | 4 ++-- contracts/test/DebtLocker.t.sol | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/contracts/DebtLocker.sol b/contracts/DebtLocker.sol index a4d1590..cbca0fd 100644 --- a/contracts/DebtLocker.sol +++ b/contracts/DebtLocker.sol @@ -82,8 +82,8 @@ contract DebtLocker is IDebtLocker, DebtLockerStorage, MapleProxied { } function setAllowedSlippage(uint256 allowedSlippage_) external override whenProtocolNotPaused { - require(msg.sender == _getPoolDelegate(), "DL:SAS:NOT_PD"); - require(allowedSlippage_ <= uint256(10000), "DL:SAS:INVALID_SLIPPAGE"); + require(msg.sender == _getPoolDelegate(), "DL:SAS:NOT_PD"); + require(allowedSlippage_ <= uint256(10_000), "DL:SAS:INVALID_SLIPPAGE"); emit AllowedSlippageSet(_allowedSlippage = allowedSlippage_); } diff --git a/contracts/test/DebtLocker.t.sol b/contracts/test/DebtLocker.t.sol index 5208394..9948487 100644 --- a/contracts/test/DebtLocker.t.sol +++ b/contracts/test/DebtLocker.t.sol @@ -735,8 +735,8 @@ contract DebtLockerTests is TestUtils { DebtLocker debtLocker = DebtLocker(pool.createDebtLocker(address(dlFactory), address(loan))); - assertTrue(!poolDelegate.try_debtLocker_setAllowedSlippage(address(debtLocker), 10001)); - assertTrue( poolDelegate.try_debtLocker_setAllowedSlippage(address(debtLocker), 10000)); + assertTrue(!poolDelegate.try_debtLocker_setAllowedSlippage(address(debtLocker), 10_001)); + assertTrue( poolDelegate.try_debtLocker_setAllowedSlippage(address(debtLocker), 10_000)); } /***********************/