From b01946ef5a46906a4b3e5f7dc17b6fc99810e894 Mon Sep 17 00:00:00 2001
From: Reinis Martinsons <reinis@umaproject.org>
Date: Mon, 17 Jun 2024 11:26:59 +0000
Subject: [PATCH] fix[oval-audit-m-03]: validate controller deployment
 parameters

Signed-off-by: Reinis Martinsons <reinis@umaproject.org>
---
 src/controllers/ImmutableController.sol        | 3 +++
 src/controllers/MutableUnlockersController.sol | 3 +++
 src/factories/BaseFactory.sol                  | 2 ++
 3 files changed, 8 insertions(+)

diff --git a/src/controllers/ImmutableController.sol b/src/controllers/ImmutableController.sol
index 0b48665..a42bbd7 100644
--- a/src/controllers/ImmutableController.sol
+++ b/src/controllers/ImmutableController.sol
@@ -18,6 +18,9 @@ abstract contract ImmutableController is Oval {
     mapping(address => bool) public unlockers;
 
     constructor(uint256 _lockWindow, uint256 _maxTraversal, address[] memory _unlockers, uint256 _maxAge) {
+        require(_maxAge > _lockWindow, "Max age not above lock window");
+        require(_maxTraversal > 0, "Max traversal must be > 0");
+
         LOCK_WINDOW = _lockWindow;
         MAX_TRAVERSAL = _maxTraversal;
         MAX_AGE = _maxAge;
diff --git a/src/controllers/MutableUnlockersController.sol b/src/controllers/MutableUnlockersController.sol
index a7acf13..c9ea029 100644
--- a/src/controllers/MutableUnlockersController.sol
+++ b/src/controllers/MutableUnlockersController.sol
@@ -16,6 +16,9 @@ abstract contract MutableUnlockersController is Ownable, Oval {
     mapping(address => bool) public unlockers;
 
     constructor(uint256 _lockWindow, uint256 _maxTraversal, address[] memory _unlockers, uint256 _maxAge) {
+        require(_maxAge > _lockWindow, "Max age not above lock window");
+        require(_maxTraversal > 0, "Max traversal must be > 0");
+
         LOCK_WINDOW = _lockWindow;
         MAX_TRAVERSAL = _maxTraversal;
         MAX_AGE = _maxAge;
diff --git a/src/factories/BaseFactory.sol b/src/factories/BaseFactory.sol
index f4fcd8c..a97b33b 100644
--- a/src/factories/BaseFactory.sol
+++ b/src/factories/BaseFactory.sol
@@ -24,6 +24,8 @@ contract BaseFactory is Ownable {
     );
 
     constructor(uint256 _maxTraversal, address[] memory _defaultUnlockers) {
+        require(_maxTraversal > 0, "Max traversal must be > 0");
+
         MAX_TRAVERSAL = _maxTraversal;
         setDefaultUnlockers(_defaultUnlockers);
     }