fix: require minimum split depth of 2

FDGs with a split depth below 2 can trigger bugs in clock extension. Since we don't expect to have a split depth anywhere near 0 or 1 this is a low impact bug and doesn't have an impact on production but should be prevented anyway.

fix: require minimum split depth of 2
FDGs with a split depth below 2 can trigger bugs in clock extension. Since we don't expect to have a split depth anywhere near 0 or 1 this is a low impact bug and doesn't have an impact on production but should be prevented anyway.
cbbe2621 · Kelvin Fichter · Adrian Sutton · 937acedf · cbbe2621 · cbbe2621
Commit cbbe2621 authored Jul 27, 2024 by Kelvin Fichter Committed by Adrian Sutton Aug 16, 2024
4 changed files
--- a/packages/contracts-bedrock/semver-lock.json
+++ b/packages/contracts-bedrock/semver-lock.json
@@ -160,8 +160,8 @@
    "sourceCodeHash": "0x918c395ac5d77357f2551616aad0613e68893862edd14e554623eb16ee6ba148"
  },
  "src/dispute/FaultDisputeGame.sol": {
-    "initCodeHash": "0x5ea5b544b8d7b32f55f7864c25a2443a5db363ffd1c66e0799cbc7bccaf98526",
+    "initCodeHash": "0x4c062d275f63e8d1cfebff05aa450899e7f28336277db556017a4f716d5b8f0d",
-    "sourceCodeHash": "0xa0d373c969b78752aefb66b56807490e16ce0d09c8514b485b3d2df29bf8d514"
+    "sourceCodeHash": "0x440b11619446fe278983cb02e9fd86717f9da5dddea75bb74d6e59d1186971d9"
  },
  "src/dispute/weth/DelayedWETH.sol": {
    "initCodeHash": "0xb9bbe005874922cd8f499e7a0a092967cfca03e012c1e41912b0c77481c71777",

--- a/packages/contracts-bedrock/snapshots/state-diff/Kontrol-31337.json
+++ b/packages/contracts-bedrock/snapshots/state-diff/Kontrol-31337.json
--- a/packages/contracts-bedrock/src/dispute/FaultDisputeGame.sol
+++ b/packages/contracts-bedrock/src/dispute/FaultDisputeGame.sol
@@ -138,6 +138,8 @@ contract FaultDisputeGame is IFaultDisputeGame, Clone, ISemver {
        if (_maxGameDepth > LibPosition.MAX_POSITION_BITLEN - 1) revert MaxDepthTooLarge();
        // The split depth cannot be greater than or equal to the max game depth.
        if (_splitDepth >= _maxGameDepth) revert InvalidSplitDepth();
+        // The split depth cannot be 0 or 1 to stay in bounds of clock extension arithmetic.
+        if (_splitDepth < 2) revert InvalidSplitDepth();
        // The clock extension may not be greater than the max clock duration.
        if (_clockExtension.raw() > _maxClockDuration.raw()) revert InvalidClockExtension();

--- a/packages/contracts-bedrock/test/dispute/FaultDisputeGame.t.sol
+++ b/packages/contracts-bedrock/test/dispute/FaultDisputeGame.t.sol
@@ -149,6 +149,28 @@ contract FaultDisputeGame_Test is FaultDisputeGame_Init {
        });
    }
+    /// @dev Tests that the constructor of the `FaultDisputeGame` reverts when the `_splitDepth`
+    ///      parameter is less than the minimum split depth (currently 2).
+    function testFuzz_constructor_lowSplitDepth_reverts(uint256 _splitDepth) public {
+        AlphabetVM alphabetVM = new AlphabetVM(absolutePrestate, new PreimageOracle(0, 0));
+        uint256 minSplitDepth = 2;
+        _splitDepth = bound(_splitDepth, 0, minSplitDepth - 1);
+        vm.expectRevert(InvalidSplitDepth.selector);
+        new FaultDisputeGame({
+            _gameType: GAME_TYPE,
+            _absolutePrestate: absolutePrestate,
+            _maxGameDepth: 2 ** 3,
+            _splitDepth: _splitDepth,
+            _clockExtension: Duration.wrap(3 hours),
+            _maxClockDuration: Duration.wrap(3.5 days),
+            _vm: alphabetVM,
+            _weth: DelayedWETH(payable(address(0))),
+            _anchorStateRegistry: IAnchorStateRegistry(address(0)),
+            _l2ChainId: 10
+        });
+    }
    /// @dev Tests that the constructor of the `FaultDisputeGame` reverts when clock extension is greater than the
    ///      max clock duration.
    function testFuzz_constructor_clockExtensionTooLong_reverts(