Make PoolAcessControl paused when protocol is paused (#142)

* Make PoolAcessControl paused when protocol is paused * Formatting
circlefin · Dec 8, 2022 · b58d863 · b58d863
1 parent 1a207e7
commit b58d863
Show file tree

Hide file tree

Showing 3 changed files with 211 additions and 11 deletions.
diff --git a/contracts/permissioned/PoolAccessControl.sol b/contracts/permissioned/PoolAccessControl.sol
@@ -71,7 +71,18 @@ contract PoolAccessControl is
     }
 
     /**
-     * @dev The initializer for the PoolAccessControl contract
+     * @dev Modifier that requires the protocol not be paused.
+     */
+    modifier onlyNotPaused() {
+        require(
+            !_pool.serviceConfiguration().paused(),
+            "PoolAccessControl: Protocol paused"
+        );
+        _;
+    }
+
+    /**
+     * @dev The constructor for the PoolAccessControl contract
      */
     function initialize(address pool, address tosAcceptanceRegistry)
         public
@@ -99,7 +110,11 @@ contract PoolAccessControl is
      *
      * Emits an {AllowedParticipantListUpdated} event.
      */
-    function allowParticipant(address addr) external onlyPoolAdmin {
+    function allowParticipant(address addr)
+        external
+        onlyNotPaused
+        onlyPoolAdmin
+    {
         require(
             _tosRegistry.hasAccepted(addr),
             "Pool: participant not accepted ToS"
@@ -113,8 +128,43 @@ contract PoolAccessControl is
      *
      * Emits an {AllowedParticipantListUpdated} event.
      */
-    function removeParticipant(address addr) external onlyPoolAdmin {
+    function removeParticipant(address addr)
+        external
+        onlyNotPaused
+        onlyPoolAdmin
+    {
         delete _allowedParticipants[addr];
         emit ParticipantRemoved(addr);
     }
+
+    function addTrustedVerifier(address addr) public override onlyNotPaused {
+        super.addTrustedVerifier(addr);
+    }
+
+    function removeTrustedVerifier(address addr) public override onlyNotPaused {
+        super.removeTrustedVerifier(addr);
+    }
+
+    function addCredentialSchema(string calldata schema)
+        public
+        override
+        onlyNotPaused
+    {
+        super.addCredentialSchema(schema);
+    }
+
+    function removeCredentialSchema(string calldata schema)
+        public
+        override
+        onlyNotPaused
+    {
+        super.removeCredentialSchema(schema);
+    }
+
+    function verify(
+        VerificationResult memory verificationResult,
+        bytes memory signature
+    ) public override onlyNotPaused {
+        super.verify(verificationResult, signature);
+    }
 }
diff --git a/contracts/permissioned/VeriteAccessControl.sol b/contracts/permissioned/VeriteAccessControl.sol
@@ -59,7 +59,7 @@ abstract contract VeriteAccessControl is
     /**
      * @inheritdoc IVeriteAccessControl
      */
-    function addTrustedVerifier(address addr) external onlyVeriteAdmin {
+    function addTrustedVerifier(address addr) public virtual onlyVeriteAdmin {
         _trustedVerifiers[addr] = true;
 
         emit TrustedVerifierAdded(addr);
@@ -68,7 +68,11 @@ abstract contract VeriteAccessControl is
     /**
      * @inheritdoc IVeriteAccessControl
      */
-    function removeTrustedVerifier(address addr) external onlyVeriteAdmin {
+    function removeTrustedVerifier(address addr)
+        public
+        virtual
+        onlyVeriteAdmin
+    {
         delete _trustedVerifiers[addr];
 
         emit TrustedVerifierRemoved(addr);
@@ -78,7 +82,8 @@ abstract contract VeriteAccessControl is
      * @inheritdoc IVeriteAccessControl
      */
     function addCredentialSchema(string calldata schema)
-        external
+        public
+        virtual
         onlyVeriteAdmin
     {
         _supportedCredentialSchemas[schema] = true;
@@ -90,7 +95,8 @@ abstract contract VeriteAccessControl is
      * @inheritdoc IVeriteAccessControl
      */
     function removeCredentialSchema(string calldata schema)
-        external
+        public
+        virtual
         onlyVeriteAdmin
     {
         delete _supportedCredentialSchemas[schema];
@@ -119,7 +125,7 @@ abstract contract VeriteAccessControl is
     function verify(
         VerificationResult memory verificationResult,
         bytes memory signature
-    ) external onlyVeriteEligible {
+    ) public virtual onlyVeriteEligible {
         require(verificationResult.subject == msg.sender, "SUBJECT_MISMATCH");
 
         // Ensure the result has a supported schema

diff --git a/test/permissioned/PoolAccessControl.test.ts b/test/permissioned/PoolAccessControl.test.ts
@@ -7,7 +7,7 @@ import { getSignedVerificationResult } from "../support/verite";
 
 describe("PoolAccessControl", () => {
   async function deployFixture() {
-    const { operator, poolAdmin, deployer, otherAccounts } =
+    const { operator, deployer, poolAdmin, otherAccounts, pauser } =
       await getCommonSigners();
 
     const verifier = otherAccounts[0];
@@ -17,7 +17,8 @@ describe("PoolAccessControl", () => {
       pool,
       tosAcceptanceRegistry,
       poolAccessControlFactory,
-      poolAccessControlImpl
+      poolAccessControlImpl,
+      serviceConfiguration
     } = await deployPermissionedPool({
       poolAdmin
     });
@@ -33,14 +34,16 @@ describe("PoolAccessControl", () => {
 
     return {
       deployer,
+      pauser,
       poolAdmin,
       verifier,
       poolParticipant,
       otherAccounts,
       poolAccessControl,
       tosAcceptanceRegistry,
       poolAccessControlFactory,
-      poolAccessControlImpl
+      poolAccessControlImpl,
+      serviceConfiguration
     };
   }
 
@@ -166,6 +169,25 @@ describe("PoolAccessControl", () => {
   });
 
   describe("allowParticipant()", () => {
+    it("reverts if the protocol is paused", async () => {
+      const {
+        poolAccessControl,
+        poolAdmin,
+        poolParticipant,
+        serviceConfiguration,
+        pauser
+      } = await loadFixture(deployFixture);
+
+      // Pause Protocol
+      await serviceConfiguration.connect(pauser).setPaused(true);
+
+      await expect(
+        poolAccessControl
+          .connect(poolAdmin)
+          .allowParticipant(poolParticipant.address)
+      ).to.be.revertedWith("PoolAccessControl: Protocol paused");
+    });
+
     it("requires the participant agreed to the ToS", async () => {
       const { poolAccessControl, poolAdmin, poolParticipant } =
         await loadFixture(deployFixture);
@@ -200,6 +222,25 @@ describe("PoolAccessControl", () => {
   });
 
   describe("removeParticipant()", () => {
+    it("reverts if the protocol is paused", async () => {
+      const {
+        poolAccessControl,
+        poolAdmin,
+        poolParticipant,
+        serviceConfiguration,
+        pauser
+      } = await loadFixture(deployFixture);
+
+      // Pause Protocol
+      await serviceConfiguration.connect(pauser).setPaused(true);
+
+      await expect(
+        poolAccessControl
+          .connect(poolAdmin)
+          .removeParticipant(poolParticipant.address)
+      ).to.be.revertedWith("PoolAccessControl: Protocol paused");
+    });
+
     it("removes a participant", async () => {
       const { poolAccessControl, poolAdmin, poolParticipant } =
         await loadFixture(deployFixture);
@@ -215,6 +256,25 @@ describe("PoolAccessControl", () => {
   });
 
   describe("addTrustedVerifier()", () => {
+    it("reverts if the protocol is paused", async () => {
+      const {
+        poolAccessControl,
+        poolAdmin,
+        verifier,
+        serviceConfiguration,
+        pauser
+      } = await loadFixture(deployFixture);
+
+      // Pause Protocol
+      await serviceConfiguration.connect(pauser).setPaused(true);
+
+      await expect(
+        poolAccessControl
+          .connect(poolAdmin)
+          .addTrustedVerifier(verifier.address)
+      ).to.be.revertedWith("PoolAccessControl: Protocol paused");
+    });
+
     it("adds a new verifier", async () => {
       const { poolAccessControl, poolAdmin, verifier } = await loadFixture(
         deployFixture
@@ -231,6 +291,24 @@ describe("PoolAccessControl", () => {
   });
 
   describe("removeTrustedVerifier()", () => {
+    it("reverts if protocol is paused", async () => {
+      const {
+        poolAccessControl,
+        poolAdmin,
+        verifier,
+        serviceConfiguration,
+        pauser
+      } = await loadFixture(deployFixture);
+
+      await serviceConfiguration.connect(pauser).setPaused(true);
+
+      await expect(
+        poolAccessControl
+          .connect(poolAdmin)
+          .removeTrustedVerifier(verifier.address)
+      ).to.be.revertedWith("PoolAccessControl: Protocol paused");
+    });
+
     it("removes a verifier", async () => {
       const { poolAccessControl, poolAdmin, verifier } = await loadFixture(
         deployFixture
@@ -247,6 +325,17 @@ describe("PoolAccessControl", () => {
   });
 
   describe("addCredentialSchema()", () => {
+    it("reverts if the protocol is paused", async () => {
+      const { poolAccessControl, poolAdmin, serviceConfiguration, pauser } =
+        await loadFixture(deployFixture);
+
+      await serviceConfiguration.connect(pauser).setPaused(true);
+
+      await expect(
+        poolAccessControl.connect(poolAdmin).addCredentialSchema("schema://kyc")
+      ).to.be.revertedWith("PoolAccessControl: Protocol paused");
+    });
+
     it("adds a new verifier", async () => {
       const { poolAccessControl, poolAdmin } = await loadFixture(deployFixture);
 
@@ -259,6 +348,19 @@ describe("PoolAccessControl", () => {
   });
 
   describe("removeCredentialSchema()", () => {
+    it("reverts if the protocol is paused", async () => {
+      const { poolAccessControl, poolAdmin, serviceConfiguration, pauser } =
+        await loadFixture(deployFixture);
+
+      await serviceConfiguration.connect(pauser).setPaused(true);
+
+      await expect(
+        poolAccessControl
+          .connect(poolAdmin)
+          .removeCredentialSchema("schema://kyc")
+      ).to.be.revertedWith("PoolAccessControl: Protocol paused");
+    });
+
     it("removes a verifier", async () => {
       const { poolAccessControl, poolAdmin } = await loadFixture(deployFixture);
 
@@ -273,6 +375,48 @@ describe("PoolAccessControl", () => {
   });
 
   describe("verify()", () => {
+    it("reverts if the protocol is paused", async () => {
+      const {
+        poolAccessControl,
+        poolParticipant,
+        verifier,
+        tosAcceptanceRegistry,
+        poolAdmin,
+        serviceConfiguration,
+        pauser
+      } = await loadFixture(deployFixture);
+
+      await tosAcceptanceRegistry
+        .connect(poolParticipant)
+        .acceptTermsOfService();
+
+      // Register the verifier
+      await poolAccessControl
+        .connect(poolAdmin)
+        .addTrustedVerifier(verifier.address);
+
+      // Get a signed verification result
+      const { verificationResult, signature } =
+        await getSignedVerificationResult(
+          poolAccessControl.address,
+          poolParticipant.address,
+          verifier
+        );
+
+      // Register the schema
+      await poolAccessControl
+        .connect(poolAdmin)
+        .addCredentialSchema(verificationResult.schema);
+
+      await serviceConfiguration.connect(pauser).setPaused(true);
+
+      // Verify the verification result
+      await expect(
+        poolAccessControl
+          .connect(poolParticipant)
+          .verify(verificationResult, signature)
+      ).to.be.revertedWith("PoolAccessControl: Protocol paused");
+    });
     it("reverts if the subject has not accepted ToS", async () => {
       const { poolAccessControl, poolParticipant, verifier, poolAdmin } =
         await loadFixture(deployFixture);