feat(time_lock): set MAX_TIME_LOCK to 3 month

Squads-Protocol · Sep 24, 2023 · 720ca8c · 720ca8c
1 parent b43d431
commit 720ca8c
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 4 deletions.
diff --git a/programs/squads_multisig_program/src/errors.rs b/programs/squads_multisig_program/src/errors.rs
@@ -62,4 +62,6 @@ pub enum MultisigError {
     UnknownPermission,
     #[msg("Account is protected, it cannot be passed into a CPI as writable")]
     ProtectedAccount,
+    #[msg("Time lock exceeds the maximum allowed (90 days)")]
+    TimeLockExceedsMaxAllowed,
 }
diff --git a/programs/squads_multisig_program/src/instructions/config_transaction_create.rs b/programs/squads_multisig_program/src/instructions/config_transaction_create.rs
@@ -44,7 +44,7 @@ pub struct ConfigTransactionCreate<'info> {
 }
 
 impl ConfigTransactionCreate<'_> {
-    fn validate(&self) -> Result<()> {
+    fn validate(&self, args: &ConfigTransactionCreateArgs) -> Result<()> {
         // multisig
         require_keys_eq!(
             self.multisig.config_authority,
@@ -63,17 +63,30 @@ impl ConfigTransactionCreate<'_> {
             MultisigError::Unauthorized
         );
 
+        // args
+
+        // Config transaction must have at least one action
+        require!(!args.actions.is_empty(), MultisigError::NoActions);
+
+        // time_lock must not exceed the maximum allowed.
+        for action in &args.actions {
+            if let ConfigAction::SetTimeLock { new_time_lock, .. } = action {
+                require!(
+                    *new_time_lock <= MAX_TIME_LOCK,
+                    MultisigError::TimeLockExceedsMaxAllowed
+                );
+            }
+        }
+
         Ok(())
     }
 
     /// Create a new config transaction.
-    #[access_control(ctx.accounts.validate())]
+    #[access_control(ctx.accounts.validate(&args))]
     pub fn config_transaction_create(
         ctx: Context<Self>,
         args: ConfigTransactionCreateArgs,
     ) -> Result<()> {
-        require!(!args.actions.is_empty(), MultisigError::NoActions);
-
         let multisig = &mut ctx.accounts.multisig;
         let transaction = &mut ctx.accounts.transaction;
         let creator = &mut ctx.accounts.creator;

diff --git a/programs/squads_multisig_program/src/state/multisig.rs b/programs/squads_multisig_program/src/state/multisig.rs
@@ -5,6 +5,8 @@ use anchor_lang::system_program;
 
 use crate::errors::*;
 
+pub const MAX_TIME_LOCK: u32 = 3 * 30 * 24 * 60 * 60; // 3 months
+
 #[account]
 pub struct Multisig {
     /// Key that is used to seed the multisig PDA.
@@ -169,6 +171,12 @@ impl Multisig {
             MultisigError::InvalidStaleTransactionIndex
         );
 
+        // Time Lock must not exceed the maximum allowed to prevent bricking the multisig.
+        require!(
+            self.time_lock <= MAX_TIME_LOCK,
+            MultisigError::TimeLockExceedsMaxAllowed
+        );
+
         Ok(())
     }