Merge pull request #444 from rsksmart/feature/FLY-2232

Feature/fly 2232

Author: Hakob23

script/tasks/PauseSystem.s.sol

@@ -138,7 +138,7 @@ contract PauseSystem is Script, AddressResolver {
         _verifyAllContractsUseRegistry(registry);
 
         vm.startBroadcast();
-        registry.pause(reason);
+        registry.setPauseLevel(IPauseRegistry.PauseLevel.Soft, reason);
         vm.stopBroadcast();
 
         console.log(
@@ -157,7 +157,7 @@ contract PauseSystem is Script, AddressResolver {
         _verifyAllContractsUseRegistry(registry);
 
         vm.startBroadcast();
-        registry.unpause();
+        registry.setPauseLevel(IPauseRegistry.PauseLevel.None, "");
         vm.stopBroadcast();
 
         console.log(

src/CollateralManagement.sol

@@ -78,22 +78,28 @@ contract CollateralManagementContract is
     }
 
     /// @inheritdoc ICollateralManagement
-    function addPegInCollateralTo(address addr) external onlyRole(COLLATERAL_ADDER) whenNotPaused payable override {
+    function addPegInCollateralTo(address addr) external onlyRole(COLLATERAL_ADDER) whenNotSoftPaused payable override {
         _addPegInCollateralTo(addr, msg.value);
     }
 
     /// @inheritdoc ICollateralManagement
-    function addPegInCollateral() external whenNotPaused onlyRegisteredForPegIn(msg.sender) payable override {
+    function addPegInCollateral() external whenNotSoftPaused onlyRegisteredForPegIn(msg.sender) payable override {
         _addPegInCollateralTo(msg.sender, msg.value);
     }
 
     /// @inheritdoc ICollateralManagement
-    function addPegOutCollateralTo(address addr) external whenNotPaused onlyRole(COLLATERAL_ADDER) payable override {
+    function addPegOutCollateralTo(address addr)
+        external
+        whenNotSoftPaused
+        onlyRole(COLLATERAL_ADDER)
+        payable
+        override
+    {
         _addPegOutCollateralTo(addr, msg.value);
     }
 
     /// @inheritdoc ICollateralManagement
-    function addPegOutCollateral() external whenNotPaused onlyRegisteredForPegOut(msg.sender) payable override {
+    function addPegOutCollateral() external whenNotSoftPaused onlyRegisteredForPegOut(msg.sender) payable override {
         _addPegOutCollateralTo(msg.sender, msg.value);
     }
 
@@ -153,6 +159,8 @@ contract CollateralManagementContract is
     }
 
     /// @inheritdoc ICollateralManagement
+    /// @dev Intentionally not paused: slashing must remain available so PegIn/PegOut can enforce penalties
+    ///      when they call this during registerPegIn/refundPegOut; a separate pause would cause reverts.
     function slashPegInCollateral(
         address punisher,
         Quotes.PegInQuote calldata quote,
@@ -177,6 +185,8 @@ contract CollateralManagementContract is
     }
 
     /// @inheritdoc ICollateralManagement
+    /// @dev Intentionally not paused: slashing must remain available so PegIn/PegOut can enforce penalties
+    ///      when they call this during registerPegIn/refundPegOut; a separate pause would cause reverts.
     function slashPegOutCollateral(
         address punisher,
         Quotes.PegOutQuote calldata quote,
@@ -201,27 +211,27 @@ contract CollateralManagementContract is
     }
 
     /// @inheritdoc ICollateralManagement
-    function withdrawCollateral() external nonReentrant override {
+    function withdrawCollateral() external nonReentrant whenNotHardPaused override {
         _withdrawCollateralTo(payable(msg.sender));
     }
 
     /// @inheritdoc ICollateralManagement
-    function withdrawCollateral(address payable to) external nonReentrant override {
+    function withdrawCollateral(address payable to) external nonReentrant whenNotHardPaused override {
         _withdrawCollateralTo(to);
     }
 
     /// @inheritdoc ICollateralManagement
-    function withdrawRewards() external nonReentrant override {
+    function withdrawRewards() external nonReentrant whenNotHardPaused override {
         _withdrawRewardsTo(payable(msg.sender));
     }
 
     /// @inheritdoc ICollateralManagement
-    function withdrawRewards(address payable to) external nonReentrant override {
+    function withdrawRewards(address payable to) external nonReentrant whenNotHardPaused override {
         _withdrawRewardsTo(to);
     }
 
     /// @inheritdoc ICollateralManagement
-    function resign() external override {
+    function resign() external whenNotHardPaused override {
         address providerAddress = msg.sender;
         if (_resignationBlockNum[providerAddress] != 0) revert AlreadyResigned(providerAddress);
         if (_pegInCollateral[providerAddress] < 1 && _pegOutCollateral[providerAddress] < 1) {
@@ -308,7 +318,8 @@ contract CollateralManagementContract is
         address providerAddress = msg.sender;
         uint256 resignationBlock = _resignationBlockNum[providerAddress];
         if (resignationBlock < 1) revert NotResigned(providerAddress);
-        if (block.number - resignationBlock < _resignDelayInBlocks) {
+        uint256 pauseBlocks = pauseRegistry().computePauseOverlapBlocks(resignationBlock, block.number);
+        if (block.number - resignationBlock - pauseBlocks < _resignDelayInBlocks) {
             revert ResignationDelayNotMet(providerAddress, resignationBlock, _resignDelayInBlocks);
         }
 

src/EmergencyPause/EmergencyPause.sol

@@ -9,7 +9,10 @@ import {IPauseRegistry} from "../interfaces/IPauseRegistry.sol";
 import {Flyover} from "../libraries/Flyover.sol";
 
 /// @notice Base contract for Flyover contracts that delegate pause state to a central PauseRegistry.
-/// pauseStatus() and whenNotPaused read from the registry. Pause/unpause are done only on the registry.
+/// pauseStatus() and pause-level checks read from the registry. Pause/unpause are done only on the registry.
+/// Uses two modifiers:
+/// - whenNotSoftPaused(): blocks at level >= 1 (soft and hard pause)
+/// - whenNotHardPaused(): blocks at level >= 2 (hard pause only)
 /// Uses namespaced storage; no AccessControl (children that need roles inherit it separately).
 abstract contract EmergencyPause is Initializable, IPausable {
 
@@ -23,9 +26,23 @@ abstract contract EmergencyPause is Initializable, IPausable {
     bytes32 private constant _EMERGENCY_PAUSE_STORAGE =
         0x9231f352ae2e78fc5cd04a185b8fc917dd5cf9947923b7000e25955769a61f00;
 
-    /// @notice Modifier that reverts if the system is paused (reads from PauseRegistry)
-    modifier whenNotPaused() {
-        if (_getEmergencyPauseStorage().pauseRegistry.paused()) {
+    /// @notice Reverts at pause level >= 1 (soft pause: no new business)
+    modifier whenNotSoftPaused() {
+        if (
+            _getEmergencyPauseStorage().pauseRegistry.pauseLevel() >=
+            IPauseRegistry.PauseLevel.Soft
+        ) {
+            revert Flyover.EnforcedPause();
+        }
+        _;
+    }
+
+    /// @notice Reverts at pause level >= 2 (hard pause: full freeze)
+    modifier whenNotHardPaused() {
+        if (
+            _getEmergencyPauseStorage().pauseRegistry.pauseLevel() >=
+            IPauseRegistry.PauseLevel.Hard
+        ) {
             revert Flyover.EnforcedPause();
         }
         _;

src/FlyoverDiscovery.sol

@@ -66,7 +66,7 @@ contract FlyoverDiscovery is
         string calldata apiBaseUrl,
         bool status,
         Flyover.ProviderType providerType
-    ) external payable whenNotPaused returns (uint) {
+    ) external payable whenNotSoftPaused returns (uint) {
 
        _validateRegistration(name, apiBaseUrl, providerType, msg.sender, msg.value);
 
@@ -103,7 +103,7 @@ contract FlyoverDiscovery is
     }
 
     /// @inheritdoc IFlyoverDiscovery
-    function updateProvider(string calldata name, string calldata apiBaseUrl) external whenNotPaused {
+    function updateProvider(string calldata name, string calldata apiBaseUrl) external whenNotHardPaused {
         if (bytes(name).length < 1 || bytes(apiBaseUrl).length < 1) revert InvalidProviderData(name, apiBaseUrl);
         address providerAddress = msg.sender;
         uint providerId = _providerIdByAddress[providerAddress];

src/PauseRegistry.sol

@@ -10,8 +10,8 @@ import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Ini
 import {IPauseRegistry} from "./interfaces/IPauseRegistry.sol";
 
 /// @title PauseRegistry
-/// @notice Centralized registry for pause state; all Flyover contracts read from here
-/// @dev Only accounts with PAUSER_ROLE can pause/unpause. Uses namespaced storage.
+/// @notice Centralized registry for pause state; all Flyover contracts read from here.
+/// @dev Level 0 = normal, 1 = soft (no new business), 2 = hard (full freeze). Uses namespaced storage.
 contract PauseRegistry is
     Initializable,
     AccessControlDefaultAdminRulesUpgradeable,
@@ -20,8 +20,17 @@ contract PauseRegistry is
     /// @custom:storage-location erc7201:rsk.flyover.PauseRegistry
     struct PauseRegistryStorage {
         bool paused;
+        IPauseRegistry.PauseLevel pauseLevel;
         uint64 pauseTimestamp;
         string pauseReason;
+        HardPause[] hardPauses;
+    }
+
+    struct HardPause {
+        uint64 startTimestamp;
+        uint64 endTimestamp; // 0 while ongoing
+        uint64 startBlock;
+        uint64 endBlock; // 0 while ongoing
     }
 
     bytes32 public constant PAUSER_ROLE = keccak256("PAUSER_ROLE");
@@ -46,28 +55,35 @@ contract PauseRegistry is
     }
 
     /// @inheritdoc IPauseRegistry
-    function pause(string calldata reason) external onlyRole(PAUSER_ROLE) {
-        PauseRegistryStorage storage $ = _getPauseRegistryStorage();
-        if ($.paused) return;
-        $.paused = true;
-        $.pauseReason = reason;
-        $.pauseTimestamp = uint64(block.timestamp);
-        emit EmergencyPaused(msg.sender, reason);
+    function setPauseLevel(
+        IPauseRegistry.PauseLevel level,
+        string calldata reason
+    ) external onlyRole(PAUSER_ROLE) {
+        _setPauseLevelWithReason(level, reason);
     }
 
-    /// @inheritdoc IPauseRegistry
-    function unpause() external onlyRole(PAUSER_ROLE) {
+    function _setPauseLevelWithReason(
+        IPauseRegistry.PauseLevel level,
+        string memory reason
+    ) internal {
         PauseRegistryStorage storage $ = _getPauseRegistryStorage();
-        if (!$.paused) return;
-        $.paused = false;
-        $.pauseReason = "";
-        $.pauseTimestamp = 0;
-        emit EmergencyUnpaused(msg.sender);
+        bool wasPaused = $.pauseLevel != IPauseRegistry.PauseLevel.None;
+        if (level != IPauseRegistry.PauseLevel.None) {
+            $.pauseReason = reason;
+        }
+        _setPauseLevel(level);
+        bool isPaused = level != IPauseRegistry.PauseLevel.None;
+        if (!wasPaused && isPaused) {
+            emit EmergencyPaused(msg.sender, $.pauseReason);
+        } else if (wasPaused && !isPaused) {
+            emit EmergencyUnpaused(msg.sender);
+        }
     }
 
     /// @inheritdoc IPauseRegistry
     function paused() external view returns (bool) {
-        return _getPauseRegistryStorage().paused;
+        PauseRegistryStorage storage $ = _getPauseRegistryStorage();
+        return $.pauseLevel != IPauseRegistry.PauseLevel.None;
     }
 
     /// @inheritdoc IPauseRegistry
@@ -77,7 +93,132 @@ contract PauseRegistry is
         returns (bool isPaused, string memory reason, uint64 since)
     {
         PauseRegistryStorage storage $ = _getPauseRegistryStorage();
-        return ($.paused, $.pauseReason, $.pauseTimestamp);
+        isPaused = $.pauseLevel != IPauseRegistry.PauseLevel.None;
+        reason = $.pauseReason;
+        since = $.pauseTimestamp;
+    }
+
+    /// @inheritdoc IPauseRegistry
+    function pauseLevel() external view returns (IPauseRegistry.PauseLevel) {
+        return _getPauseRegistryStorage().pauseLevel;
+    }
+
+    /// @inheritdoc IPauseRegistry
+    function hardPausesCount() external view returns (uint256) {
+        return _getPauseRegistryStorage().hardPauses.length;
+    }
+
+    /// @inheritdoc IPauseRegistry
+    function hardPauses(uint256 index)
+        external
+        view
+        returns (
+            uint64 startTimestamp,
+            uint64 endTimestamp,
+            uint64 startBlock,
+            uint64 endBlock
+        )
+    {
+        HardPause storage p = _getPauseRegistryStorage().hardPauses[index];
+        return (p.startTimestamp, p.endTimestamp, p.startBlock, p.endBlock);
+    }
+
+    /// @inheritdoc IPauseRegistry
+    function computePauseOverlap(uint256 startTimestamp, uint256 endTimestamp)
+        external
+        view
+        returns (uint256 totalPauseTime)
+    {
+        HardPause[] storage pauses = _getPauseRegistryStorage().hardPauses;
+        uint256 n = pauses.length;
+        for (uint256 i = n; i > 0;) {
+            unchecked {
+                --i;
+            }
+            HardPause storage p = pauses[i];
+            uint64 pEnd = p.endTimestamp;
+            if (pEnd != 0 && !(pEnd > startTimestamp)) break;
+            uint256 effectiveStart = startTimestamp;
+            if (p.startTimestamp > effectiveStart) effectiveStart = p.startTimestamp;
+            uint256 effectiveEnd = endTimestamp;
+            uint256 pEndOrNow = pEnd == 0 ? block.timestamp : pEnd;
+            if (pEndOrNow < effectiveEnd) effectiveEnd = pEndOrNow;
+            if (effectiveEnd > effectiveStart) {
+                totalPauseTime += effectiveEnd - effectiveStart;
+            }
+        }
+    }
+
+    /// @inheritdoc IPauseRegistry
+    function computePauseOverlapBlocks(uint256 startBlock, uint256 endBlock)
+        external
+        view
+        returns (uint256 totalPauseBlocks)
+    {
+        HardPause[] storage pauses = _getPauseRegistryStorage().hardPauses;
+        uint256 n = pauses.length;
+        for (uint256 i = n; i > 0;) {
+            unchecked {
+                --i;
+            }
+            HardPause storage p = pauses[i];
+            uint64 pEndBlock = p.endBlock;
+            if (pEndBlock != 0 && !(pEndBlock > startBlock)) break;
+            uint256 effectiveStart = startBlock;
+            if (p.startBlock > effectiveStart) effectiveStart = p.startBlock;
+            uint256 effectiveEnd = endBlock;
+            uint256 pEndOrNow = pEndBlock == 0 ? block.number : pEndBlock;
+            if (pEndOrNow < effectiveEnd) effectiveEnd = pEndOrNow;
+            if (effectiveEnd > effectiveStart) {
+                totalPauseBlocks += effectiveEnd - effectiveStart;
+            }
+        }
+    }
+
+    function _setPauseLevel(IPauseRegistry.PauseLevel level) internal {
+        PauseRegistryStorage storage $ = _getPauseRegistryStorage();
+        IPauseRegistry.PauseLevel prev = IPauseRegistry.PauseLevel($.pauseLevel);
+        $.pauseLevel = level;
+        $.paused = (level != IPauseRegistry.PauseLevel.None);
+        if (
+            prev == IPauseRegistry.PauseLevel.None &&
+            level != IPauseRegistry.PauseLevel.None
+        ) {
+            $.pauseTimestamp = uint64(block.timestamp);
+        } else if (
+            prev != IPauseRegistry.PauseLevel.None &&
+            level == IPauseRegistry.PauseLevel.None
+        ) {
+            $.pauseTimestamp = 0;
+            $.pauseReason = "";
+        }
+
+        if (
+            prev == IPauseRegistry.PauseLevel.Hard &&
+            level != IPauseRegistry.PauseLevel.Hard
+        ) {
+            HardPause[] storage pauses = $.hardPauses;
+            uint256 len = pauses.length;
+            if (len > 0) {
+                HardPause storage last = pauses[len - 1];
+                if (last.endTimestamp == 0) {
+                    last.endTimestamp = uint64(block.timestamp);
+                    last.endBlock = uint64(block.number);
+                }
+            }
+        } else if (
+            prev != IPauseRegistry.PauseLevel.Hard &&
+            level == IPauseRegistry.PauseLevel.Hard
+        ) {
+            $.hardPauses.push(
+                HardPause({
+                    startTimestamp: uint64(block.timestamp),
+                    endTimestamp: 0,
+                    startBlock: uint64(block.number),
+                    endBlock: 0
+                })
+            );
+        }
     }
 
     function _getPauseRegistryStorage()
@@ -89,4 +230,5 @@ contract PauseRegistry is
             $.slot := _PAUSE_REGISTRY_STORAGE
         }
     }
+
 }