From 84d9d42894cafa23a444e9da74a155aa154a2872 Mon Sep 17 00:00:00 2001
From: baroooo <baranseltekin@gmail.com>
Date: Fri, 22 Nov 2024 16:54:51 +0100
Subject: [PATCH] feat: fix add missing min check (#547)

### Description

Fixes the audit finding
https://audits.sherlock.xyz/contests/598/voting/44?dashboard_id=14327c9c7bc843a43c46c4efd899f4c1


### Other changes

no

### Tested

Unit test

### Related issues

- Fixes
[#597](https://github.com/mento-protocol/mento-general/issues/597)
---
 contracts/libraries/TradingLimits.sol   | 2 ++
 test/unit/libraries/TradingLimits.t.sol | 6 ++++++
 2 files changed, 8 insertions(+)

diff --git a/contracts/libraries/TradingLimits.sol b/contracts/libraries/TradingLimits.sol
index 14e59549..dfde4520 100644
--- a/contracts/libraries/TradingLimits.sol
+++ b/contracts/libraries/TradingLimits.sol
@@ -45,6 +45,7 @@ library TradingLimits {
   uint8 private constant L1 = 2; // 0b010 Limit1
   uint8 private constant LG = 4; // 0b100 LimitGlobal
   int48 private constant MAX_INT48 = type(int48).max;
+  int48 private constant MIN_INT48 = type(int48).min;
 
   /**
    * @notice Validate a trading limit configuration.
@@ -129,6 +130,7 @@ library TradingLimits {
   ) internal view returns (ITradingLimits.State memory) {
     int256 _deltaFlowUnits = _deltaFlow / int256((10 ** uint256(decimals)));
     require(_deltaFlowUnits <= MAX_INT48, "dFlow too large");
+    require(_deltaFlowUnits >= MIN_INT48, "dFlow too small");
 
     int48 deltaFlowUnits = int48(_deltaFlowUnits);
     if (deltaFlowUnits == 0) {
diff --git a/test/unit/libraries/TradingLimits.t.sol b/test/unit/libraries/TradingLimits.t.sol
index 878fdf24..fc99aa2d 100644
--- a/test/unit/libraries/TradingLimits.t.sol
+++ b/test/unit/libraries/TradingLimits.t.sol
@@ -301,6 +301,12 @@ contract TradingLimitsTest is Test {
     state = harness.update(state, configLG(500000), 3 * 10e32, 18);
   }
 
+  function test_update_withTooSmallAmount_reverts() public {
+    int256 tooSmall = (type(int48).min - int256(1)) * 1e18;
+    vm.expectRevert(bytes("dFlow too small"));
+    state = harness.update(state, configLG(500000), tooSmall, 18);
+  }
+
   function test_update_withOverflowOnAdd_reverts() public {
     ITradingLimits.Config memory config = configLG(int48(uint48(2 ** 47)));
     int256 maxFlow = int256(uint256(type(uint48).max / 2));