diff --git a/pool-factory/src/pool_factory.rs b/pool-factory/src/pool_factory.rs
index d3e6a8a8..298021e8 100644
--- a/pool-factory/src/pool_factory.rs
+++ b/pool-factory/src/pool_factory.rs
@@ -79,6 +79,11 @@ impl PoolFactory for PoolFactoryContract {
             panic_with_error!(&e, PoolFactoryError::InvalidPoolInitArgs);
         }
 
+        // verify max positions is at least 2
+        if max_positions < 2 {
+            panic_with_error!(&e, PoolFactoryError::InvalidPoolInitArgs);
+        }
+
         let mut as_u8s: [u8; 56] = [0; 56];
         admin.to_string().copy_into_slice(&mut as_u8s);
         let mut salt_as_bytes: Bytes = salt.into_val(&e);
diff --git a/pool-factory/src/test.rs b/pool-factory/src/test.rs
index 43af08b3..987bbd84 100644
--- a/pool-factory/src/test.rs
+++ b/pool-factory/src/test.rs
@@ -132,7 +132,7 @@ fn test_pool_factory() {
 
 #[test]
 #[should_panic(expected = "Error(Contract, #1300)")]
-fn test_pool_factory_invalid_pool_init_args() {
+fn test_pool_factory_invalid_pool_init_args_backstop_rate() {
     let e = Env::default();
     e.budget().reset_unlimited();
     e.mock_all_auths_allowing_non_root_auth();
@@ -170,6 +170,46 @@ fn test_pool_factory_invalid_pool_init_args() {
     );
 }
 
+#[test]
+#[should_panic(expected = "Error(Contract, #1300)")]
+fn test_pool_factory_invalid_pool_init_args_max_positions() {
+    let e = Env::default();
+    e.budget().reset_unlimited();
+    e.mock_all_auths_allowing_non_root_auth();
+    let (_, pool_factory_client) = create_pool_factory(&e);
+
+    let wasm_hash = e.deployer().upload_contract_wasm(pool::WASM);
+
+    let backstop_id = Address::generate(&e);
+    let blnd_id = Address::generate(&e);
+    let usdc_id = Address::generate(&e);
+
+    let pool_init_meta = PoolInitMeta {
+        backstop: backstop_id.clone(),
+        pool_hash: wasm_hash.clone(),
+        blnd_id: blnd_id.clone(),
+        usdc_id: usdc_id.clone(),
+    };
+    pool_factory_client.initialize(&pool_init_meta);
+
+    let bombadil = Address::generate(&e);
+    let oracle = Address::generate(&e);
+    let backstop_rate: u32 = 0_1000000;
+    let max_positions: u32 = 1;
+
+    let name1 = Symbol::new(&e, "pool1");
+    let salt = BytesN::<32>::random(&e);
+
+    pool_factory_client.deploy(
+        &bombadil,
+        &name1,
+        &salt,
+        &oracle,
+        &backstop_rate,
+        &max_positions,
+    );
+}
+
 #[test]
 fn test_pool_factory_frontrun_protection() {
     let e = Env::default();
diff --git a/pool/src/pool/config.rs b/pool/src/pool/config.rs
index 4f3df250..3b2a9f62 100644
--- a/pool/src/pool/config.rs
+++ b/pool/src/pool/config.rs
@@ -33,6 +33,11 @@ pub fn execute_initialize(
         panic_with_error!(e, PoolError::InvalidPoolInitArgs);
     }
 
+    // verify max positions is at least 2
+    if *max_positions < 2 {
+        panic_with_error!(&e, PoolError::InvalidPoolInitArgs);
+    }
+
     storage::set_admin(e, admin);
     storage::set_name(e, name);
     storage::set_backstop(e, backstop_address);
@@ -289,10 +294,28 @@ mod tests {
                 &blnd_id,
                 &usdc_id,
             );
+        });
+    }
+
+    #[test]
+    #[should_panic(expected = "Error(Contract, #1201)")]
+    fn test_execute_initialize_bad_max_positions() {
+        let e = Env::default();
+        let pool = testutils::create_pool(&e);
 
+        let admin = Address::generate(&e);
+        let name = Symbol::new(&e, "pool_name");
+        let oracle = Address::generate(&e);
+        let bstop_rate = 0_1000000;
+        let max_positions = 1;
+        let backstop_address = Address::generate(&e);
+        let blnd_id = Address::generate(&e);
+        let usdc_id = Address::generate(&e);
+
+        e.as_contract(&pool, || {
             execute_initialize(
                 &e,
-                &Address::generate(&e),
+                &admin,
                 &name,
                 &oracle,
                 &bstop_rate,