defi-wonderland · xorsal · Dec 10, 2024 · ashitakah · Dec 16, 2024 · xorsal
diff --git a/solidity/contracts/Oracle.sol b/solidity/contracts/Oracle.sol
@@ -313,6 +313,11 @@ contract Oracle is IOracle, OracleAccessController {
     if (msg.sender != _request.disputeModule && msg.sender != _request.resolutionModule) {
       revert Oracle_NotDisputeOrResolutionModule(msg.sender);
     }
+
+    if (msg.sender == _request.resolutionModule && _status <= DisputeStatus.Escalated) {
+      revert Oracle_InvalidStatusUpdate();
+    }
+
     disputeStatus[_disputeId] = _status;
     IDisputeModule(_request.disputeModule).onDisputeStatusChange(_disputeId, _request, _response, _dispute);
 

diff --git a/solidity/interfaces/IOracle.sol b/solidity/interfaces/IOracle.sol
@@ -168,6 +168,11 @@ interface IOracle is IOracleAccessController {
    */
   error Oracle_InvalidDisputer();
 
+  /**
+   * @notice Thrown when a resolution module updates the status of a dispute to an invalid status
+   */
+  error Oracle_InvalidStatusUpdate();
+
   /*///////////////////////////////////////////////////////////////
                               ENUMS
   //////////////////////////////////////////////////////////////*/

diff --git a/solidity/test/unit/Oracle.t.sol b/solidity/test/unit/Oracle.t.sol
@@ -826,6 +826,28 @@ contract Oracle_Unit_UpdateDisputeStatus is BaseTest {
   /**
    * @notice If the dispute does not exist, the call should revert
    */
+  function test_updateDisputeStatus_revertsIfResolutionStatusIsInvalid(uint256 _newStatus) public {
+    // 0 to 3 status, from status None to Escalated.
+    _newStatus = bound(_newStatus, 0, 2);
+
+    bytes32 _disputeId = _getId(mockDispute);
+    bytes32 _responseId = _getId(mockResponse);
+
+    // Mock the dispute
+    oracle.mock_setDisputeOf(_responseId, _disputeId);
+    oracle.mock_setDisputeCreatedAt(_disputeId, block.timestamp);
+
+    // Check: revert?
+    vm.expectRevert(IOracle.Oracle_InvalidStatusUpdate.selector);
+
+    // Test: resolution module updates to an invalid status
+    vm.prank(address(resolutionModule));
+    oracle.updateDisputeStatus(mockRequest, mockResponse, mockDispute, IOracle.DisputeStatus(_newStatus));
+  }
+
+  /**
+   * @notice If a resolution modules tries to update the dispute's status to a status that is not allowed, the call should revert
+   */
   function test_updateDisputeStatus_revertsIfInvalidDispute() public {
     bytes32 _disputeId = _getId(mockDispute);