Skip to content

[Bug] No upper bound on bond_amount or challenge_window_secs #2

Description

@collinsezedike

Description

initialize only rejects bond_amount <= 0 and challenge_window_secs == 0. There is no upper bound on either. An admin typo, such as a window of billions of seconds, is unguarded, and a very large window compounds the storage TTL gap tracked in #1.

Steps to reproduce

  1. Call initialize with an extremely large challenge_window_secs, e.g. u64::MAX.
  2. Observe it succeeds.

Expected behavior

Either a sane upper bound is enforced, or the risk is explicitly documented for integrators and admins choosing these parameters.

Actual behavior

Any positive bond_amount and any non-zero challenge_window_secs is accepted, with no sanity ceiling.

Environment

  • Network: testnet / local
  • Contract: tholos
  • Commit or tag: v0.2.0

Possible impact

Combined with #1, an unbounded challenge window increases the chance of a persistent storage entry expiring before it's acted on.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions