From bf2266a5a1ca0ef5824b89b6ee8ef00919dd6f22 Mon Sep 17 00:00:00 2001
From: Jun Kimura
Date: Tue, 26 Nov 2024 21:06:30 +0900
Subject: [PATCH] S2-3: improve validations for `clientState.allowed_quote_statuses` and `clientState.allowed_advisory_ids`

Signed-off-by: Jun Kimura
---
 contracts/ILCPClientErrors.sol | 2 ++
 contracts/LCPClientBase.sol | 14 ++++++++++----
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/contracts/ILCPClientErrors.sol b/contracts/ILCPClientErrors.sol
index aa41eaf..be2b1dd 100644
--- a/contracts/ILCPClientErrors.sol
+++ b/contracts/ILCPClientErrors.sol
@@ -12,6 +12,8 @@ interface ILCPClientErrors {
 error LCPClientClientStateInvalidOperatorAddressLength();
 error LCPClientClientStateInvalidOperatorsNonce();
 error LCPClientClientStateUnexpectedOperatorsNonce(uint64 expectedNonce);
+ error LCPClientClientStateInvalidAllowedQuoteStatus();
+ error LCPClientClientStateInvalidAllowedAdvisoryId();
 error LCPClientOperatorsInvalidOrder(address prevOperator, address nextOperator);
 error LCPClientClientStateInvalidOperatorsThreshold();
diff --git a/contracts/LCPClientBase.sol b/contracts/LCPClientBase.sol
index e6e215c..a104c3e 100644
--- a/contracts/LCPClientBase.sol
+++ b/contracts/LCPClientBase.sol
@@ -169,12 +169,18 @@ abstract contract LCPClientBase is ILightClient, ILCPClientErrors {
 // set allowed quote status and advisories
 for (uint256 i = 0; i < clientState.allowed_quote_statuses.length; i++) {
- clientStorage.allowedStatuses.allowedQuoteStatuses[clientState.allowed_quote_statuses[i]] =
- AVRValidator.FLAG_ALLOWED;
+ string memory allowedQuoteStatus = clientState.allowed_quote_statuses[i];
+ if (bytes(allowedQuoteStatus).length == 0) {
+ revert LCPClientClientStateInvalidAllowedQuoteStatus();
+ }
+ clientStorage.allowedStatuses.allowedQuoteStatuses[allowedQuoteStatus] = AVRValidator.FLAG_ALLOWED;
 }
 for (uint256 i = 0; i < clientState.allowed_advisory_ids.length; i++) {
- clientStorage.allowedStatuses.allowedAdvisories[clientState.allowed_advisory_ids[i]] =
- AVRValidator.FLAG_ALLOWED;
+ string memory allowedAdvisoryId = clientState.allowed_advisory_ids[i];
+ if (bytes(allowedAdvisoryId).length == 0) {
+ revert LCPClientClientStateInvalidAllowedAdvisoryId();
+ }
+ clientStorage.allowedStatuses.allowedAdvisories[allowedAdvisoryId] = AVRValidator.FLAG_ALLOWED;
 }
 return clientState.latest_height;
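Review bot: The new guards in the `allowed_quote_statuses` and `allowed_advisory_ids` loops reject only a zero-length string, so any other non-empty entry (a misspelled status, stray whitespace, a duplicate) is still stored with `AVRValidator.FLAG_ALLOWED`. How AVRValidator looks these keys up is not visible in this hunk, but if the set of acceptable quote statuses is fixed, a membership check at initialization would fail closed on a misconfigured client state rather than silently storing an entry that can never match. The diffstat lists only the two contract files, so the revert paths `LCPClientClientStateInvalidAllowedQuoteStatus` and `LCPClientClientStateInvalidAllowedAdvisoryId` appear to have no test in this commit; one case per loop with an empty element would pin the behaviour. A one-line comment above each check, such as `// reject empty entries before they are stored as allow-list keys`, would record why the guard exists. The enclosing function starts and ends outside the hunk.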