Missing input validation in config parameter enqueuing leads to silent configuration failures
enqueueConfigChange() accepts config values without validation; invalid values are silently ignored later in _applyPendingConfigChanges(), creating a mismatch between admin intent and the protocol's actual state.
Description
The enqueueConfigChange function accepts configuration parameter changes without any validation at enqueue time. Invalid parameter values are only validated during the callback execution in _applyPendingConfigChanges(), where they are silently ignored rather than rejected. This creates a scenario where administrators can unknowingly submit incorrect values that either fail silently or cause unintended protocol behavior.
The following steps demonstrate the issue:
- Admin submits a config change with an invalid value (e.g., price below minimum bounds)
- The
enqueueConfigChangefunction accepts this value without validation - During the next VRF callback, the invalid value is silently ignored in the setter function
- The admin believes the change was applied but the protocol continues with old values
- This creates a mismatch between expected and actual protocol configuration
Recommendation
-
Implement validation in
enqueueConfigChange: Add input validation that reverts immediately for invalid parameter values, providing clear feedback to administrators. -
Add parameter bounds documentation: Clearly document acceptable ranges for all configurable parameters.
Resolution
Golden Grid: Confirmed.
Zealynx: Fixed.
