feat: add pauser

Author: ypatil12

docs/multichain/destination/OperatorTableUpdater.md

@@ -169,7 +169,7 @@ Sets the stake proportion threshold required for confirming global table roots.
 /**
  * @notice Disables a global table root
  * @param globalTableRoot the global table root to disable
- * @dev Only callable by the owner of the contract
+ * @dev Only callable by the pauser
  */
 function disableRoot(
     bytes32 globalTableRoot
@@ -183,7 +183,7 @@ Disables a global table root, preventing further operator table updates against
 * Emits a `GlobalRootDisabled` event
 
 *Requirements*:
-* Caller MUST be the `owner`
+* Caller MUST be the `pauser`
 * The `globalTableRoot` MUST exist and be currently valid
 
 ### `updateGlobalRootConfirmerSet`

pkg/bindings/BN254CertificateVerifier/binding.go

@@ -135,7 +135,7 @@ interface IOperatorTableUpdater is
     /**
      * @notice Disables a global table root
      * @param globalTableRoot the global table root to disable
-     * @dev Only callable by the owner of the contract
+     * @dev Only callable by the pauser
      */
     function disableRoot(
         bytes32 globalTableRoot

pkg/bindings/ECDSACertificateVerifier/binding.go

@@ -5,10 +5,17 @@ import "@openzeppelin-upgrades/contracts/proxy/utils/Initializable.sol";
 import "@openzeppelin-upgrades/contracts/access/OwnableUpgradeable.sol";
 
 import "../libraries/Merkle.sol";
+import "../permissions/Pausable.sol";
 import "../mixins/SemVerMixin.sol";
 import "./OperatorTableUpdaterStorage.sol";
 
-contract OperatorTableUpdater is Initializable, OwnableUpgradeable, OperatorTableUpdaterStorage, SemVerMixin {
+contract OperatorTableUpdater is
+    Initializable,
+    OwnableUpgradeable,
+    Pausable,
+    OperatorTableUpdaterStorage,
+    SemVerMixin
+{
     /**
      *
      *                         INITIALIZING FUNCTIONS
@@ -17,14 +24,20 @@ contract OperatorTableUpdater is Initializable, OwnableUpgradeable, OperatorTabl
     constructor(
         IBN254CertificateVerifier _bn254CertificateVerifier,
         IECDSACertificateVerifier _ecdsaCertificateVerifier,
+        IPauserRegistry _pauserRegistry,
         string memory _version
-    ) OperatorTableUpdaterStorage(_bn254CertificateVerifier, _ecdsaCertificateVerifier) SemVerMixin(_version) {
+    )
+        OperatorTableUpdaterStorage(_bn254CertificateVerifier, _ecdsaCertificateVerifier)
+        Pausable(_pauserRegistry)
+        SemVerMixin(_version)
+    {
         _disableInitializers();
     }
 
     /**
      * @notice Initializes the OperatorTableUpdater
      * @param owner The owner of the OperatorTableUpdater
+     * @param initialPausedStatus The initial paused status of the OperatorTableUpdater
      * @param _globalRootConfirmerSet The operatorSet which certifies against global roots
      * @param _globalRootConfirmationThreshold The threshold, in bps, for a global root to be signed off on and updated
      * @param referenceTimestamp The reference timestamp for the global root confirmer set
@@ -35,13 +48,15 @@ contract OperatorTableUpdater is Initializable, OwnableUpgradeable, OperatorTabl
      */
     function initialize(
         address owner,
+        uint256 initialPausedStatus,
         OperatorSet calldata _globalRootConfirmerSet,
         uint16 _globalRootConfirmationThreshold,
         uint32 referenceTimestamp,
         BN254OperatorSetInfo calldata globalRootConfirmerSetInfo,
         OperatorSetConfig calldata globalRootConfirmerSetConfig
     ) external initializer {
         _transferOwnership(owner);
+        _setPausedStatus(initialPausedStatus);
         _setGlobalRootConfirmerSet(_globalRootConfirmerSet);
         _setGlobalRootConfirmationThreshold(_globalRootConfirmationThreshold);
         _updateGlobalRootConfirmerSet(referenceTimestamp, globalRootConfirmerSetInfo, globalRootConfirmerSetConfig);
@@ -173,7 +188,7 @@ contract OperatorTableUpdater is Initializable, OwnableUpgradeable, OperatorTabl
     /// @inheritdoc IOperatorTableUpdater
     function disableRoot(
         bytes32 globalTableRoot
-    ) external onlyOwner {
+    ) external onlyPauser {
         // Check that the root already exists and is not disabled
         require(_isRootValid[globalTableRoot], InvalidRoot());
 

pkg/bindings/OperatorTableUpdater/binding.go

@@ -44,11 +44,11 @@
     │   └── given that the caller is owner and threshold is valid
     │       └── it should update the threshold & emit GlobalRootConfirmationThresholdUpdated event
     ├── when disableRoot is called
-    │   ├── given that the caller is not the owner
+    │   ├── given that the caller is not the pauser
     │   │   └── it should revert
     │   ├── given that the root is invalid or doesn't exist
     │   │   └── it should revert with InvalidRoot
-    │   └── given that the caller is the owner and root is valid
+    │   └── given that the caller is the pauser and root is valid
     │       └── it should disable the root & emit GlobalRootDisabled event
     ├── when updateGlobalRootConfirmerSet is called
     │   ├── given that the caller is not the owner

src/contracts/interfaces/IOperatorTableUpdater.sol

@@ -46,6 +46,7 @@ contract OperatorTableUpdaterUnitTests is
         operatorTableUpdaterImplementation = new OperatorTableUpdater(
             IBN254CertificateVerifier(address(bn254CertificateVerifierMock)),
             IECDSACertificateVerifier(address(ecdsaCertificateVerifierMock)),
+            pauserRegistry,
             "1.0.0"
         );
 
@@ -55,6 +56,7 @@ contract OperatorTableUpdaterUnitTests is
             abi.encodeWithSelector(
                 OperatorTableUpdater.initialize.selector,
                 address(this), // owner
+                0, // initialPausedStatus
                 globalRootConfirmerSet, // globalRootConfirmerSet
                 GLOBAL_ROOT_CONFIRMATION_THRESHOLD, // globalRootConfirmationThreshold
                 block.timestamp - 1, // referenceTimestamp
@@ -194,6 +196,7 @@ contract OperatorTableUpdaterUnitTests_initialize is OperatorTableUpdaterUnitTes
         cheats.expectRevert("Initializable: contract is already initialized");
         operatorTableUpdater.initialize(
             address(this),
+            uint(0),
             globalRootConfirmerSet,
             GLOBAL_ROOT_CONFIRMATION_THRESHOLD,
             uint32(block.timestamp - 1),
@@ -661,14 +664,14 @@ contract OperatorTableUpdaterUnitTests_setGlobalRootConfirmationThreshold is Ope
 }
 
 contract OperatorTableUpdaterUnitTests_disableRoot is OperatorTableUpdaterUnitTests {
-    function testFuzz_revert_onlyOwner(Randomness r) public rand(r) {
+    function testFuzz_revert_onlyPauser(Randomness r) public rand(r) {
         address invalidCaller = r.Address();
-        cheats.assume(invalidCaller != address(this));
+        cheats.assume(invalidCaller != pauser && invalidCaller != address(this));
         bytes32 globalTableRoot = bytes32(r.Uint256());
 
-        // Should revert when called by non-owner
+        // Should revert when called by non-pauser
         cheats.prank(invalidCaller);
-        cheats.expectRevert("Ownable: caller is not the owner");
+        cheats.expectRevert("Pausable: caller is not the pauser");
         operatorTableUpdater.disableRoot(globalTableRoot);
     }
 
@@ -692,7 +695,8 @@ contract OperatorTableUpdaterUnitTests_disableRoot is OperatorTableUpdaterUnitTe
         // Verify the root is valid
         assertTrue(operatorTableUpdater.isRootValid(globalTableRoot));
 
-        // Disable the root
+        // Disable the root as pauser
+        cheats.prank(pauser);
         cheats.expectEmit(true, true, true, true);
         emit GlobalRootDisabled(globalTableRoot);
         operatorTableUpdater.disableRoot(globalTableRoot);
@@ -754,7 +758,8 @@ contract OperatorTableUpdaterUnitTests_isRootValid is OperatorTableUpdaterUnitTe
         // Should now be valid
         assertTrue(operatorTableUpdater.isRootValid(globalTableRoot));
 
-        // Disable the root
+        // Disable the root as pauser
+        cheats.prank(pauser);
         operatorTableUpdater.disableRoot(globalTableRoot);
 
         // Should now be invalid
@@ -777,7 +782,8 @@ contract OperatorTableUpdaterUnitTests_isRootValid is OperatorTableUpdaterUnitTe
         // Should be valid
         assertTrue(operatorTableUpdater.isRootValidByTimestamp(referenceTimestamp));
 
-        // Disable the root
+        // Disable the root as pauser
+        cheats.prank(pauser);
         operatorTableUpdater.disableRoot(globalTableRoot);
 
         // Should now be invalid when queried by timestamp
@@ -791,7 +797,8 @@ contract OperatorTableUpdaterUnitTests_IntegrationScenarios is OperatorTableUpda
         bytes32 oldGlobalTableRoot = bytes32(uint(1));
         _updateGlobalTableRoot(oldGlobalTableRoot);
 
-        // Step 2: Disable the old root
+        // Step 2: Disable the old root as pauser
+        cheats.prank(pauser);
         operatorTableUpdater.disableRoot(oldGlobalTableRoot);
 
         // Step 3: Set a new global root confirmer set