fix: correct check for max game depth

Modifies the FDG constructor to correctly check that the
splitDepth +1 is gte the max game depth. Means that the splitDepth
is now limited to be 1 smaller than it was before. Fine in prod
but avoids a bug in the trace ancestor lookup logic.

packages/contracts-bedrock/semver-lock.json

@@ -160,8 +160,8 @@
     "sourceCodeHash": "0x918c395ac5d77357f2551616aad0613e68893862edd14e554623eb16ee6ba148"
   },
   "src/dispute/FaultDisputeGame.sol": {
-    "initCodeHash": "0x4c062d275f63e8d1cfebff05aa450899e7f28336277db556017a4f716d5b8f0d",
-    "sourceCodeHash": "0x440b11619446fe278983cb02e9fd86717f9da5dddea75bb74d6e59d1186971d9"
+    "initCodeHash": "0xc2245e2c47c52405e3776502fcf7fe6804f4d45aec410d8215dab3a0eb95df40",
+    "sourceCodeHash": "0x769983913a4228c34475cb52286c0bc380495b3be9e401bf46eae3b32286f560"
   },
   "src/dispute/weth/DelayedWETH.sol": {
     "initCodeHash": "0xb9bbe005874922cd8f499e7a0a092967cfca03e012c1e41912b0c77481c71777",

packages/contracts-bedrock/src/dispute/FaultDisputeGame.sol

@@ -136,13 +136,20 @@ contract FaultDisputeGame is IFaultDisputeGame, Clone, ISemver {
     ) {
         // The max game depth may not be greater than `LibPosition.MAX_POSITION_BITLEN - 1`.
         if (_maxGameDepth > LibPosition.MAX_POSITION_BITLEN - 1) revert MaxDepthTooLarge();
-        // The split depth cannot be greater than or equal to the max game depth.
-        if (_splitDepth >= _maxGameDepth) revert InvalidSplitDepth();
+
+        // The split depth plus one cannot be greater than or equal to the max game depth. We add
+        // an additional depth to the split depth to avoid a bug in trace ancestor lookup. We know
+        // that the case where the split depth is the max value for uint256 is equivalent to the
+        // second check though we do need to check it explicitly to avoid an overflow.
+        if (_splitDepth == type(uint256).max || _splitDepth + 1 >= _maxGameDepth) revert InvalidSplitDepth();
+
         // The split depth cannot be 0 or 1 to stay in bounds of clock extension arithmetic.
         if (_splitDepth < 2) revert InvalidSplitDepth();
+
         // The clock extension may not be greater than the max clock duration.
         if (_clockExtension.raw() > _maxClockDuration.raw()) revert InvalidClockExtension();
 
+        // Set up initial game state.
         GAME_TYPE = _gameType;
         ABSOLUTE_PRESTATE = _absolutePrestate;
         MAX_GAME_DEPTH = _maxGameDepth;

packages/contracts-bedrock/test/dispute/FaultDisputeGame.t.sol

@@ -133,12 +133,13 @@ contract FaultDisputeGame_Test is FaultDisputeGame_Init {
     function testFuzz_constructor_invalidSplitDepth_reverts(uint256 _splitDepth) public {
         AlphabetVM alphabetVM = new AlphabetVM(absolutePrestate, new PreimageOracle(0, 0));
 
-        _splitDepth = bound(_splitDepth, 2 ** 3, type(uint256).max);
+        uint256 maxGameDepth = 2 ** 3;
+        _splitDepth = bound(_splitDepth, maxGameDepth - 1, type(uint256).max);
         vm.expectRevert(InvalidSplitDepth.selector);
         new FaultDisputeGame({
             _gameType: GAME_TYPE,
             _absolutePrestate: absolutePrestate,
-            _maxGameDepth: 2 ** 3,
+            _maxGameDepth: maxGameDepth,
             _splitDepth: _splitDepth,
             _clockExtension: Duration.wrap(3 hours),
             _maxClockDuration: Duration.wrap(3.5 days),