Add Security Checks for Config (#49)

* feat: add and enforce basic checks for config vars

Author: riccardo-ssvlabs

src/core/SSVBasedApps.sol

@@ -103,10 +103,45 @@ contract SSVBasedApps is
             protocolManager_
         );
 
-        if (config.maxFeeIncrement == 0 || config.maxFeeIncrement > 10_000) {
+        if (
+            config.maxFeeIncrement == 0 ||
+            config.maxFeeIncrement > MAX_PERCENTAGE
+        ) {
             revert InvalidMaxFeeIncrement();
         }
 
+        if (config.maxShares == 0 || config.maxShares < 1e38) {
+            revert InvalidMaxShares();
+        }
+
+        if (config.feeTimelockPeriod == 0) {
+            revert InvalidFeeTimelockPeriod();
+        }
+
+        if (config.feeExpireTime == 0) {
+            revert InvalidFeeExpireTime();
+        }
+
+        if (config.withdrawalTimelockPeriod == 0) {
+            revert InvalidWithdrawalTimelockPeriod();
+        }
+
+        if (config.withdrawalExpireTime == 0) {
+            revert InvalidWithdrawalExpireTime();
+        }
+
+        if (config.obligationTimelockPeriod == 0) {
+            revert InvalidObligationTimelockPeriod();
+        }
+
+        if (config.obligationExpireTime == 0) {
+            revert InvalidObligationExpireTime();
+        }
+
+        if (config.tokenUpdateTimelockPeriod == 0) {
+            revert InvalidTokenUpdateTimelockPeriod();
+        }
+
         sp.maxFeeIncrement = config.maxFeeIncrement;
         sp.feeTimelockPeriod = config.feeTimelockPeriod;
         sp.feeExpireTime = config.feeExpireTime;
@@ -343,9 +378,7 @@ contract SSVBasedApps is
         _delegateTo(SSVCoreModules.SSV_PROTOCOL_MANAGER);
     }
 
-    function updateDisabledFeatures(
-        uint32 disabledFeatures
-    ) external onlyOwner {
+    function updateDisabledFeatures(uint32 value) external onlyOwner {
         _delegateTo(SSVCoreModules.SSV_PROTOCOL_MANAGER);
     }
 

src/core/interfaces/ISSVBasedApps.sol

@@ -27,5 +27,13 @@ interface ISSVBasedApps {
     ) external;
 
     error InvalidMaxFeeIncrement();
+    error InvalidMaxShares();
+    error InvalidFeeTimelockPeriod();
+    error InvalidFeeExpireTime();
+    error InvalidWithdrawalTimelockPeriod();
+    error InvalidWithdrawalExpireTime();
+    error InvalidObligationTimelockPeriod();
+    error InvalidObligationExpireTime();
+    error InvalidTokenUpdateTimelockPeriod();
     error TargetModuleDoesNotExist(uint8 moduleId);
 }

src/core/modules/ProtocolManager.sol

@@ -3,64 +3,86 @@ pragma solidity 0.8.29;
 
 import { IProtocolManager } from "@ssv/src/core/interfaces/IProtocolManager.sol";
 import { ProtocolStorageLib } from "@ssv/src/core/libraries/ProtocolStorageLib.sol";
+import { ISSVBasedApps } from "@ssv/src/core/interfaces/ISSVBasedApps.sol";
 
 contract ProtocolManager is IProtocolManager {
     uint32 private constant SLASHING_DISABLED = 1 << 0;
     uint32 private constant WITHDRAWALS_DISABLED = 1 << 1;
 
+    uint32 private constant MIN_TIME_LOCK_PERIOD = 1 days;
+    uint32 private constant MIN_EXPIRE_TIME = 1 hours;
+
     function updateFeeTimelockPeriod(uint32 feeTimelockPeriod) external {
+        if (feeTimelockPeriod < MIN_TIME_LOCK_PERIOD)
+            revert ISSVBasedApps.InvalidFeeTimelockPeriod();
         ProtocolStorageLib.load().feeTimelockPeriod = feeTimelockPeriod;
         emit FeeTimelockPeriodUpdated(feeTimelockPeriod);
     }
 
     function updateFeeExpireTime(uint32 feeExpireTime) external {
+        if (feeExpireTime < MIN_EXPIRE_TIME)
+            revert ISSVBasedApps.InvalidFeeExpireTime();
         ProtocolStorageLib.load().feeExpireTime = feeExpireTime;
         emit FeeExpireTimeUpdated(feeExpireTime);
     }
 
     function updateWithdrawalTimelockPeriod(
         uint32 withdrawalTimelockPeriod
     ) external {
+        if (withdrawalTimelockPeriod < MIN_TIME_LOCK_PERIOD)
+            revert ISSVBasedApps.InvalidWithdrawalTimelockPeriod();
         ProtocolStorageLib
             .load()
             .withdrawalTimelockPeriod = withdrawalTimelockPeriod;
         emit WithdrawalTimelockPeriodUpdated(withdrawalTimelockPeriod);
     }
 
     function updateWithdrawalExpireTime(uint32 withdrawalExpireTime) external {
+        if (withdrawalExpireTime < MIN_EXPIRE_TIME)
+            revert ISSVBasedApps.InvalidWithdrawalExpireTime();
         ProtocolStorageLib.load().withdrawalExpireTime = withdrawalExpireTime;
         emit WithdrawalExpireTimeUpdated(withdrawalExpireTime);
     }
 
     function updateObligationTimelockPeriod(
         uint32 obligationTimelockPeriod
     ) external {
+        if (obligationTimelockPeriod < MIN_TIME_LOCK_PERIOD)
+            revert ISSVBasedApps.InvalidObligationTimelockPeriod();
         ProtocolStorageLib
             .load()
             .obligationTimelockPeriod = obligationTimelockPeriod;
         emit ObligationTimelockPeriodUpdated(obligationTimelockPeriod);
     }
 
     function updateObligationExpireTime(uint32 obligationExpireTime) external {
+        if (obligationExpireTime < MIN_EXPIRE_TIME)
+            revert ISSVBasedApps.InvalidObligationExpireTime();
         ProtocolStorageLib.load().obligationExpireTime = obligationExpireTime;
         emit ObligationExpireTimeUpdated(obligationExpireTime);
     }
 
     function updateTokenUpdateTimelockPeriod(
         uint32 tokenUpdateTimelockPeriod
     ) external {
+        if (tokenUpdateTimelockPeriod < MIN_TIME_LOCK_PERIOD)
+            revert ISSVBasedApps.InvalidTokenUpdateTimelockPeriod();
         ProtocolStorageLib
             .load()
             .tokenUpdateTimelockPeriod = tokenUpdateTimelockPeriod;
         emit TokenUpdateTimelockPeriodUpdated(tokenUpdateTimelockPeriod);
     }
 
     function updateMaxShares(uint256 maxShares) external {
+        if (maxShares < 1e38) revert ISSVBasedApps.InvalidMaxShares();
         ProtocolStorageLib.load().maxShares = maxShares;
         emit StrategyMaxSharesUpdated(maxShares);
     }
 
     function updateMaxFeeIncrement(uint32 maxFeeIncrement) external {
+        if (maxFeeIncrement < 50)
+            // 0.5% increment
+            revert ISSVBasedApps.InvalidMaxFeeIncrement();
         ProtocolStorageLib.load().maxFeeIncrement = maxFeeIncrement;
         emit StrategyMaxFeeIncrementUpdated(maxFeeIncrement);
     }