feat: add pauser to update funcs

ypatil12 · ypatil12 · commit c3c62d975283 · 2025-07-01T11:47:07.000-04:00
diff --git a/docs/multichain/destination/OperatorTableUpdater.md b/docs/multichain/destination/OperatorTableUpdater.md
@@ -69,6 +69,7 @@ Confirms a new global table root by verifying a BN254 certificate signed by the
 * Emits a `NewGlobalTableRoot` event
 
 *Requirements*:
+* The contract MUST NOT be paused for global root updates
 * The `referenceTimestamp` MUST NOT be in the future
 * The `referenceTimestamp` MUST be greater than `_latestReferenceTimestamp`
 * The certificate's `messageHash` MUST match the expected EIP-712 hash
@@ -110,6 +111,7 @@ Updates an operator table by verifying its inclusion in a confirmed global table
   * Calls `ecdsaCertificateVerifier.updateOperatorTable` with the decoded operator info
 
 *Requirements*:
+* The contract MUST NOT be paused for operator table updates
 * The `globalTableRoot` MUST be valid (not disabled)
 * The `referenceTimestamp` MUST be greater than the latest timestamp for the operator set
 * The merkle proof MUST verify the operator table's inclusion in the global root
@@ -181,7 +183,7 @@ function disableRoot(
 ) external;
 ```
 
-Disables a global table root, preventing further operator table updates against it. This function also prevents the `CertificateVerifier` from verifying certificates. The function is intended to prevent a malicious or invalid root from being used by downstream consumers. 
+Disables a global table root, preventing further operator table updates against it. This function also prevents the `CertificateVerifier` from verifying certificates. The function is intended to prevent a malicious or invalid root from being used by downstream consumers. Once a root is disabled, it cannot be re-enabled. 
 
 *Effects*:
 * Sets `_isRootValid[globalTableRoot]` to `false`
@@ -217,4 +219,4 @@ Updates the operator table for the `generator` itself. This operatorSet is a ["s
 
 *Requirements*:
 * Caller MUST be the `owner`
-* Meet all requirements in [`bn254CertificateVerifier.updateOperatorTable`](../destination/CertificateVerifier.md#updateoperatortable-1)
+* Meet all requirements in [`bn254CertificateVerifier.updateOperatorTable`](../destination/CertificateVerifier.md#updateoperatortable-1)
diff --git a/pkg/bindings/OperatorTableUpdater/binding.go b/pkg/bindings/OperatorTableUpdater/binding.go
diff --git a/src/contracts/multichain/OperatorTableUpdater.sol b/src/contracts/multichain/OperatorTableUpdater.sol
@@ -88,7 +88,7 @@ contract OperatorTableUpdater is
         bytes32 globalTableRoot,
         uint32 referenceTimestamp,
         uint32 referenceBlockNumber
-    ) external {
+    ) external onlyWhenNotPaused(PAUSED_GLOBAL_ROOT_UPDATE) {
         // Table roots can only be updated for current or past timestamps and after the latest reference timestamp
         require(referenceTimestamp <= block.timestamp, GlobalTableRootInFuture());
         require(referenceTimestamp > _latestReferenceTimestamp, GlobalTableRootStale());
@@ -124,7 +124,7 @@ contract OperatorTableUpdater is
         uint32 operatorSetIndex,
         bytes calldata proof,
         bytes calldata operatorTableBytes
-    ) external {
+    ) external onlyWhenNotPaused(PAUSED_OPERATOR_TABLE_UPDATE) {
         (
             OperatorSet memory operatorSet,
             CurveType curveType,
diff --git a/src/contracts/multichain/OperatorTableUpdaterStorage.sol b/src/contracts/multichain/OperatorTableUpdaterStorage.sol
@@ -8,6 +8,12 @@ import "../interfaces/IECDSACertificateVerifier.sol";
 abstract contract OperatorTableUpdaterStorage is IOperatorTableUpdater {
     // Constants
 
+    /// @notice Index for flag that pauses calling `updateGlobalTableRoot`
+    uint8 internal constant PAUSED_GLOBAL_ROOT_UPDATE = 0;
+
+    /// @notice Index for flag that pauses calling `updateOperatorTable`
+    uint8 internal constant PAUSED_OPERATOR_TABLE_UPDATE = 1;
+
     bytes32 public constant GLOBAL_TABLE_ROOT_CERT_TYPEHASH =
         keccak256("GlobalTableRootCert(bytes32 globalTableRoot,uint32 referenceTimestamp,uint32 referenceBlockNumber)");
 
diff --git a/src/test/tree/OperatorTableUpdaterUnit.tree b/src/test/tree/OperatorTableUpdaterUnit.tree
@@ -6,6 +6,8 @@
     │   └── given that the contract is not initialized
     │       └── it should set the owner, generator, threshold, and update operator table & emit events
     ├── when confirmGlobalTableRoot is called
+    │   ├── given that the contract is paused for global root updates
+    │   │   └── it should revert with CurrentlyPaused
     │   ├── given that the reference timestamp is in the future
     │   │   └── it should revert with GlobalTableRootInFuture
     │   ├── given that the reference timestamp is not greater than latest
@@ -17,6 +19,8 @@
     │   └── given that all parameters are valid
     │       └── it should update global table root, reference timestamp, block number mappings (both directions) & emit NewGlobalTableRoot event
     ├── when updateOperatorTable is called
+    │   ├── given that the contract is paused for operator table updates
+    │   │   └── it should revert with CurrentlyPaused
     │   ├── given that the reference timestamp is not greater than operator set's latest
     │   │   └── it should revert with TableUpdateForPastTimestamp
     │   ├── given that the global table root is not valid
diff --git a/src/test/unit/OperatorTableUpdaterUnit.t.sol b/src/test/unit/OperatorTableUpdaterUnit.t.sol
@@ -217,6 +217,23 @@ contract OperatorTableUpdaterUnitTests_confirmGlobalTableRoot is OperatorTableUp
         operatorTableUpdater.confirmGlobalTableRoot(mockCertificate, bytes32(0), referenceTimestamp + 1, referenceBlockNumber);
     }
 
+    function testFuzz_revert_paused(Randomness r) public rand(r) {
+        // Pause the confirmGlobalTableRoot functionality (bit index 0)
+        uint pausedStatus = 1 << 0; // Set bit 0 to pause PAUSED_GLOBAL_ROOT_UPDATE
+        cheats.prank(pauser);
+        operatorTableUpdater.pause(pausedStatus);
+
+        uint32 referenceTimestamp = r.Uint32(operatorTableUpdater.getLatestReferenceTimestamp() + 1, type(uint32).max);
+        uint32 referenceBlockNumber = r.Uint32();
+        bytes32 globalTableRoot = bytes32(r.Uint256(1, type(uint).max));
+        mockCertificate.messageHash =
+            operatorTableUpdater.getGlobalTableUpdateMessageHash(globalTableRoot, referenceTimestamp, referenceBlockNumber);
+
+        // Try to confirm a global table root while paused
+        cheats.expectRevert(IPausable.CurrentlyPaused.selector);
+        operatorTableUpdater.confirmGlobalTableRoot(mockCertificate, globalTableRoot, referenceTimestamp, referenceBlockNumber);
+    }
+
     function testFuzz_revert_staleCertificate(Randomness r) public rand(r) {
         uint32 referenceBlockNumber = uint32(block.number);
         mockCertificate.messageHash =
@@ -276,6 +293,27 @@ contract OperatorTableUpdaterUnitTests_updateOperatorTable_BN254 is OperatorTabl
         bn254CertificateVerifierMock.setLatestReferenceTimestamp(operatorSet, referenceTimestamp);
     }
 
+    function testFuzz_BN254_revert_paused(Randomness r) public rand(r) {
+        // Pause the updateOperatorTable functionality (bit index 1)
+        uint pausedStatus = 1 << 1; // Set bit 1 to pause PAUSED_OPERATOR_TABLE_UPDATE
+        cheats.prank(pauser);
+        operatorTableUpdater.pause(pausedStatus);
+
+        // Generate random operatorSetInfo and operatorSetConfig
+        BN254OperatorSetInfo memory operatorSetInfo = _generateRandomBN254OperatorSetInfo(r);
+        bytes memory operatorSetInfoBytes = abi.encode(operatorSetInfo);
+        OperatorSetConfig memory operatorSetConfig = _generateRandomOperatorSetConfig(r);
+        bytes memory operatorTable = abi.encode(defaultOperatorSet, CurveType.BN254, operatorSetConfig, operatorSetInfoBytes);
+
+        // First create a valid root
+        bytes32 globalTableRoot = bytes32(r.Uint256(1, type(uint).max));
+        _updateGlobalTableRoot(globalTableRoot);
+
+        // Try to update operator table while paused
+        cheats.expectRevert(IPausable.CurrentlyPaused.selector);
+        operatorTableUpdater.updateOperatorTable(uint32(block.timestamp), globalTableRoot, 0, new bytes(0), operatorTable);
+    }
+
     function testFuzz_BN254_revert_staleTableUpdate(Randomness r) public rand(r) {
         uint32 referenceTimestamp = r.Uint32(uint32(block.timestamp), type(uint32).max);
         _setLatestReferenceTimestampBN254(defaultOperatorSet, referenceTimestamp);
@@ -397,6 +435,27 @@ contract OperatorTableUpdaterUnitTests_updateOperatorTable_ECDSA is OperatorTabl
         ecdsaCertificateVerifierMock.setLatestReferenceTimestamp(operatorSet, referenceTimestamp);
     }
 
+    function testFuzz_ECDSA_revert_paused(Randomness r) public rand(r) {
+        // Pause the updateOperatorTable functionality (bit index 1)
+        uint pausedStatus = 1 << 1; // Set bit 1 to pause PAUSED_OPERATOR_TABLE_UPDATE
+        cheats.prank(pauser);
+        operatorTableUpdater.pause(pausedStatus);
+
+        // Generate random operatorInfos and operatorSetConfig
+        ECDSAOperatorInfo[] memory operatorInfos = _generateRandomECDSAOperatorInfos(r);
+        bytes memory operatorInfosBytes = abi.encode(operatorInfos);
+        OperatorSetConfig memory operatorSetConfig = _generateRandomOperatorSetConfig(r);
+        bytes memory operatorTable = abi.encode(defaultOperatorSet, CurveType.ECDSA, operatorSetConfig, operatorInfosBytes);
+
+        // First create a valid root
+        bytes32 globalTableRoot = bytes32(r.Uint256(1, type(uint).max));
+        _updateGlobalTableRoot(globalTableRoot);
+
+        // Try to update operator table while paused
+        cheats.expectRevert(IPausable.CurrentlyPaused.selector);
+        operatorTableUpdater.updateOperatorTable(uint32(block.timestamp), globalTableRoot, 0, new bytes(0), operatorTable);
+    }
+
     function testFuzz_ECDSA_revert_rootDisabled(Randomness r) public rand(r) {
         // Generate random operatorSetInfo and operatorSetConfig
         ECDSAOperatorInfo[] memory emptyOperatorSetInfo;
