QA/Low report

[sherlock-admin2]

QA/Low report

Low/Info issue submitted by TheSeraphs

Summary Setting bond amount to 0 not checked

Contract: DisputeGameFactory.sol

Vulnerability Detail

Given the importance of bonds for disputing L2 claims for the protocol, it seems best practice to ensure the objectives of resolved claims and the protection against spam disputes is upheld.

The FaultDisputeGame contract holds claims about the state of L2. Instances are created through the factory, and users initialize them with a claim. The contract contains code to determine the claim's validity, resolving the game as either valid or not.

Impact

The setInitBond() function plays a crucial role in the DisputeGameFactory contract where the owner can set the bond amount for various game types. This is key for making sure that disputes carry weight and have a financial stake, essentially putting a cost on starting challenges. However, there's a small flaw in the current setup: if the InitBond somehow ends up being set to 0, it could pretty much remove the financial deterrent against pointless disputes. This means users could spam disputes against claims without any real consequences. Not only would this flood the protocol with unnecessary disputes, but it also waters down the significance of the outcomes, as there's nothing to win or lose for the challenger or the defender.

Code snippet

https://github.com/sherlock-audit/2024-02-optimism-2024/blob/main/optimism/packages/contracts-bedrock/src/dispute/DisputeGameFactory.sol#L195C1-L198C6

Tool used

Manual Review

Recommendation:

function setInitBond(GameType _gameType, uint256 _initBond) external onlyOwner {
+       if ( _initBond == 0 ) revert BondAmountInvalid();
initBonds[_gameType] = _initBond;
emit InitBondUpdated(_gameType, _initBond);
}