From 14a5726936eb1af2a11d63f3ecf8524fbc8ceb79 Mon Sep 17 00:00:00 2001
From: Alexandre Adomnicai <alexandre@adomnicai.me>
Date: Wed, 28 Aug 2024 11:22:32 +0200
Subject: [PATCH] Hardening threshold parameter checks

---
 cmd/createcluster.go | 9 +++++++++
 cmd/createdkg.go     | 4 ++++
 2 files changed, 13 insertions(+)

diff --git a/cmd/createcluster.go b/cmd/createcluster.go
index 06827883a..8cc74fc66 100644
--- a/cmd/createcluster.go
+++ b/cmd/createcluster.go
@@ -324,6 +324,15 @@ func validateCreateConfig(ctx context.Context, conf clusterConfig) error {
 		return errors.New("missing --nodes flag")
 	}
 
+	// check for threshold parameter
+	if conf.Threshold < 2 {
+		return errors.New("threshold cannot be smaller than 2", z.Int("threshold", conf.Threshold))
+	}
+	if conf.Threshold > conf.NumNodes {
+		return errors.New("threshold cannot be greater than number of operators",
+			z.Int("threshold", conf.Threshold), z.Int("operators", conf.NumNodes))
+	}
+
 	// Check for valid network configuration.
 	if err := validateNetworkConfig(conf); err != nil {
 		return errors.Wrap(err, "get network config")
diff --git a/cmd/createdkg.go b/cmd/createdkg.go
index 765300e95..5ef9a4486 100644
--- a/cmd/createdkg.go
+++ b/cmd/createdkg.go
@@ -181,6 +181,10 @@ func validateWithdrawalAddrs(addrs []string, network string) error {
 
 // validateDKGConfig returns an error if any of the provided config parameter is invalid.
 func validateDKGConfig(threshold, numOperators int, network string, depositAmounts []int) error {
+	if threshold < 2 {
+		return errors.New("threshold cannot be smaller than 2", z.Int("threshold", threshold))
+	}
+
 	if threshold > numOperators {
 		return errors.New("threshold cannot be greater than length of operators",
 			z.Int("threshold", threshold), z.Int("operators", numOperators))