@@ -35,7 +35,6 @@ contract AgreementManager is Initializable, UUPSUpgradeable, AccessControlledUpg
3535 ILedgerVault public immutable LEDGER_VAULT;
3636 //slither-disable-end naming-convention
3737
38- uint256 constant MAX_EXCESS = 13 ; // 1..13=91%, 14=>105%
3938 /// @notice Maximum allowed number of parties per agreement.
4039 /// @dev Can be updated by admin to adapt system limits.
4140 uint256 private _maxParties;
@@ -160,8 +159,8 @@ contract AgreementManager is Initializable, UUPSUpgradeable, AccessControlledUpg
160159 // which could lead to abuse or exploitation.
161160 uint256 baseFees = _calcFees (amount, arbiter, currency);
162161 // Even if we are covered by gas fees, during execution a good way to avoid abuse
163- // is penalize parties after N length eg. The max parties allowed is 5, any extra
164- // parties are charged with a extra * fee . Denial of Service risk mitigation..
162+ // is penalize parties after N length eg. The initial max parties allowed is 5, any extra
163+ // parties are charged with an extra. Denial of Service risk mitigation..
165164 uint256 penalization = _calculatePenalization (parties.length , amount);
166165 uint256 totalToLock = amount + penalization;
167166
@@ -196,15 +195,10 @@ contract AgreementManager is Initializable, UUPSUpgradeable, AccessControlledUpg
196195
197196 /// @dev Calculates the penalization based on parties len and total amount
198197 function _calculatePenalization (uint256 partiesLen , uint256 amount ) private view returns (uint256 penalization ) {
199- uint256 hardCap = _maxParties + MAX_EXCESS;
200- if (partiesLen > hardCap) revert ExceedsMaxParties ();
201-
202- // soft cap validation, economic penalization
203- if (partiesLen > _maxParties) {
204- uint256 excess = partiesLen - _maxParties;
205- uint256 multiplierBps = _penaltyBps (excess);
206- penalization = amount.perOf (multiplierBps);
207- }
198+ if (partiesLen <= _maxParties) return 0 ;
199+ uint256 excess = partiesLen - _maxParties;
200+ uint256 multiplierBps = _penaltyBps (excess);
201+ penalization = amount.perOf (multiplierBps);
208202 }
209203
210204 /// @dev Computes the penalty BPS as a arithmetic succession.
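Review bot: `_calculatePenalization` no longer shows that it can revert, because the hard limit on party count now lives only in `_penaltyBps`, and the NatSpec above the function says nothing about it. I would extend the doc comment with `/// Reverts with ExceedsMaxParties (via _penaltyBps) once the excess pushes the penalty above C.BPS_MAX.` The effective limit is also now derived from the penalty formula instead of a named constant, so a later change to the formula or to `C.BPS_MAX` would silently change how many parties are accepted. A test pinning the largest accepted `partiesLen` and the first rejected one would catch that.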
@@ -219,6 +213,11 @@ contract AgreementManager is Initializable, UUPSUpgradeable, AccessControlledUpg
219213 unchecked {
220214 penaltyBps = ((excess * (excess + 1 )) / 2 ) * 100 ;
221215 }
216+
217+ // strict hard cap revert if bps > 10_0000
218+ if (penaltyBps > C.BPS_MAX) {
219+ revert ExceedsMaxParties ();
220+ }
222221 }
223222
224223 /// @notice Calculates the fee based on the provided total amount, agent, and currency.
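Review bot: The added `penaltyBps > C.BPS_MAX` check in `_penaltyBps` runs on a value computed inside `unchecked`, and with the `partiesLen > hardCap` guard removed in this commit it is the only hard limit left on party count. A wrapped product seems unreachable for any realistic array length, but the DoS bound would be easier to audit if it did not rely on that; taking the multiplication out of `unchecked`, or bounding `excess` before multiplying, costs little. The comment also says `10_0000`, which looks like a typo. If `C.BPS_MAX` is 10_000, as the removed note "1..13=91%, 14=>105%" suggests, something like `// hard cap: revert once the penalty exceeds C.BPS_MAX (100%)` would be clearer. The start of `_penaltyBps` is outside this hunk.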