From 116b3a15fc4f3854fb262f4e172063975fcb67d7 Mon Sep 17 00:00:00 2001
From: Duncan Townsend <git@duncancmt.com>
Date: Thu, 11 Jan 2024 19:46:31 -0500
Subject: [PATCH] Prohibit questionable authorized/expiry combinations

---
 src/deployer/Deployer.sol    | 1 +
 test/deployer/Deployer.t.sol | 6 +++---
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/deployer/Deployer.sol b/src/deployer/Deployer.sol
index 5aa68117e..eefb23595 100644
--- a/src/deployer/Deployer.sol
+++ b/src/deployer/Deployer.sol
@@ -94,6 +94,7 @@ contract Deployer is TwoStepOwnable, IERC721ViewMetadata {
     error FeatureNotInitialized(uint128);
 
     function authorize(uint128 feature, address who, uint96 expiry) public onlyOwner returns (bool) {
+        require((who == address(0)) == (expiry == 0));
         if (feature == 0) {
             Panic.panic(Panic.ARITHMETIC_OVERFLOW);
         }
diff --git a/test/deployer/Deployer.t.sol b/test/deployer/Deployer.t.sol
index e857f3cd1..395cf901b 100644
--- a/test/deployer/Deployer.t.sol
+++ b/test/deployer/Deployer.t.sol
@@ -64,10 +64,10 @@ contract DeployerTest is Test {
         deployer.setDescription(1, "nothing to see here");
         deployer.authorize(1, auth, uint96(block.timestamp + 1 days));
         vm.expectEmit(true, true, false, true, address(deployer));
-        emit Authorized(1, auth, 0);
-        assertTrue(deployer.authorize(1, auth, 0));
+        emit Authorized(1, address(0), 0);
+        assertTrue(deployer.authorize(1, address(0), 0));
         (address who, uint96 expiry) = deployer.authorized(1);
-        assertEq(who, auth);
+        assertEq(who, address(0));
         assertEq(expiry, 0);
     }