fix(ctb): Perform correct clock validation in FDG constructor (#231)

* Prevent reiniting preimage uploads. (#190)

* fix(ctb): Perform correct clock validation in FDG constructor

Fixes the clock extension / max clock duration check in the
`FaultDisputeGame` constructor to account for the worst-case clock
extension.

* fix: add semver-lock

* fix: add kontrol

* gas snapshot

* fix: gas snapshot and semver-lock

---------
Co-authored-by: Adrian Sutton <adrian@oplabs.co>
Co-authored-by: refcell <abigger87@gmail.com>

packages/contracts-bedrock/semver-lock.json

@@ -160,8 +160,8 @@
     "sourceCodeHash": "0x918c395ac5d77357f2551616aad0613e68893862edd14e554623eb16ee6ba148"
   },
   "src/dispute/FaultDisputeGame.sol": {
-    "initCodeHash": "0xc2245e2c47c52405e3776502fcf7fe6804f4d45aec410d8215dab3a0eb95df40",
-    "sourceCodeHash": "0x769983913a4228c34475cb52286c0bc380495b3be9e401bf46eae3b32286f560"
+    "initCodeHash": "0xed4f3a194664b205e65a5a304223a1c093e3b2395b068c73e4494f76c50dcc52",
+    "sourceCodeHash": "0xd1c6636914525cd601402bc8f66ff33d7abb0527f1295e14cb32a389ca903ac4"
   },
   "src/dispute/weth/DelayedWETH.sol": {
     "initCodeHash": "0x8f9a5b50374331ad2fabe03a7ce28a0012bfaca5fa48ee917339c3eec39a319f",

packages/contracts-bedrock/src/dispute/FaultDisputeGame.sol

@@ -69,8 +69,8 @@ contract FaultDisputeGame is IFaultDisputeGame, Clone, ISemver {
     uint256 internal constant HEADER_BLOCK_NUMBER_INDEX = 8;
 
     /// @notice Semantic version.
-    /// @custom:semver 1.2.0
-    string public constant version = "1.2.0";
+    /// @custom:semver 1.2.1
+    string public constant version = "1.2.1";
 
     /// @notice The starting timestamp of the game
     Timestamp public createdAt;
@@ -149,6 +149,9 @@ contract FaultDisputeGame is IFaultDisputeGame, Clone, ISemver {
         // The clock extension may not be greater than the max clock duration.
         if (_clockExtension.raw() > _maxClockDuration.raw()) revert InvalidClockExtension();
 
+        // The worst-case clock extension may not be greater than the max clock duration.
+        if (_clockExtension.raw() * 2 > _maxClockDuration.raw()) revert InvalidClockExtension();
+
         // Set up initial game state.
         GAME_TYPE = _gameType;
         ABSOLUTE_PRESTATE = _absolutePrestate;

packages/contracts-bedrock/test/dispute/FaultDisputeGame.t.sol

@@ -172,8 +172,8 @@ contract FaultDisputeGame_Test is FaultDisputeGame_Init {
         });
     }
 
-    /// @dev Tests that the constructor of the `FaultDisputeGame` reverts when clock extension is greater than the
-    ///      max clock duration.
+    /// @dev Tests that the constructor of the `FaultDisputeGame` reverts when clock extension * 2 is greater than
+    ///      the max clock duration.
     function testFuzz_constructor_clockExtensionTooLong_reverts(
         uint64 _maxClockDuration,
         uint64 _clockExtension
@@ -182,8 +182,11 @@ contract FaultDisputeGame_Test is FaultDisputeGame_Init {
     {
         AlphabetVM alphabetVM = new AlphabetVM(absolutePrestate, new PreimageOracle(0, 0));
 
-        _maxClockDuration = uint64(bound(_maxClockDuration, 0, type(uint64).max - 1));
-        _clockExtension = uint64(bound(_clockExtension, _maxClockDuration + 1, type(uint64).max));
+        // Force the clock extension * 2 to be greater than the max clock duration, but keep things within
+        // bounds of the uint64 type.
+        _maxClockDuration = uint64(bound(_maxClockDuration, 0, type(uint64).max / 2 - 1));
+        _clockExtension = uint64(bound(_clockExtension, _maxClockDuration / 2 + 1, type(uint64).max / 2));
+
         vm.expectRevert(InvalidClockExtension.selector);
         new FaultDisputeGame({
             _gameType: GAME_TYPE,