[M-01] Insufficient input validation

[madMax92221]

Severity

Impact: Medium, because a protocol can be broken and the code could give a false calculations

Likelihood: Medium, as it can be gamed but it needs compromised / malicious owner

Description

The _rewardMultiplier param in createRiskPool() is not constrained in any way.

Another instances where an upper constrain is missing are:

• the setter functions in CapitalAgent.sol that involve uint256 as a param
• the setter functions in SingleSidedInsurancePool.sol that involve uint256 as a param
• the setter functions in SingleSidedReinsurancePool.sol that involve uint256 as a param
• the param in setMinLPCapital()
• the param in setBuyPolicyMaxDeadline()
• the param in policyClaim()
• the param in setBuyPolicyMaxDeadlineInPolicy()

Recommendation

Set reasonable lower and upper constrains for these params.

[wankhede04]

Acknowledged