Merge pull request #6 from TSxo/pause

feat: Pause

Author: TSxo

README.md

@@ -13,23 +13,33 @@ The smart contracts are located in the `src` directory.
 .
 ├── auth
 │   ├── IOwned.sol
-│   ├── Owned.sol
-│   └── managed
-│       ├── AuthManaged.sol
-│       ├── AuthManager.sol
-│       ├── IAuthManaged.sol
-│       ├── IAuthManager.sol
-│       └── IAuthority.sol
+│   ├── managed
+│   │   ├── AuthManaged.sol
+│   │   ├── AuthManager.sol
+│   │   ├── IAuthManaged.sol
+│   │   ├── IAuthManager.sol
+│   │   └── IAuthority.sol
+│   └── Owned.sol
 ├── mixins
 │   ├── CallContext.sol
 │   └── Mutex.sol
+├── pause
+│   ├── IPausable.sol
+│   ├── managed
+│   │   ├── IPauseAuthority.sol
+│   │   ├── IPauseManaged.sol
+│   │   ├── IPauseManager.sol
+│   │   ├── PauseManaged.sol
+│   │   └── PauseManager.sol
+│   └── Pausable.sol
 └── proxy
     ├── ERC1967
     │   └── ERC1967Logic.sol
     ├── Proxy.sol
     └── UUPS
         ├── UUPSImplementation.sol
         └── UUPSProxy.sol
+
 ```
 
 ## Purpose & License

src/auth/managed/AuthManaged.sol

@@ -60,7 +60,7 @@ abstract contract AuthManaged is IAuthManaged {
     // State
 
     /// @dev keccak256(abi.encode(uint256(keccak256("libsol.storage.AuthManaged")) - 1)) & ~bytes32(uint256(0xff))
-    bytes32 private constant MANAGED_SLOT = 0xba07b3ca0f769fbcf052f5eef32e58c07f3aeeec01c8167517b7043932526600;
+    bytes32 private constant AUTH_MANAGED_SLOT = 0xba07b3ca0f769fbcf052f5eef32e58c07f3aeeec01c8167517b7043932526600;
 
     /// @dev keccak256(bytes("AuthorityUpdated(address,address)"))
     bytes32 private constant AUTHORITY_UPDATED = 0xa3396fd7f6e0a21b50e5089d2da70d5ac0a3bbbd1f617a93f134b76389980198;
@@ -106,7 +106,7 @@ abstract contract AuthManaged is IAuthManaged {
     /// @inheritdoc IAuthManaged
     function setAuthority(address newAuthority) public virtual {
         assembly ("memory-safe") {
-            if iszero(eq(caller(), sload(MANAGED_SLOT))) {
+            if iszero(eq(caller(), sload(AUTH_MANAGED_SLOT))) {
                 mstore(0x00, 0x3583568e) // `AuthManaged__Unauthorized()`
                 revert(0x1c, 0x04)
             }
@@ -118,7 +118,7 @@ abstract contract AuthManaged is IAuthManaged {
     /// @inheritdoc IAuthManaged
     function authority() public view virtual returns (address result) {
         assembly ("memory-safe") {
-            result := sload(MANAGED_SLOT)
+            result := sload(AUTH_MANAGED_SLOT)
         }
     }
 
@@ -135,8 +135,8 @@ abstract contract AuthManaged is IAuthManaged {
     /// Emits an `AuthorityUpdated` event.
     function _setAuthority(address newAuthority) internal virtual {
         assembly ("memory-safe") {
-            log3(0x00, 0x00, AUTHORITY_UPDATED, sload(MANAGED_SLOT), newAuthority)
-            sstore(MANAGED_SLOT, newAuthority)
+            log3(0x00, 0x00, AUTHORITY_UPDATED, sload(AUTH_MANAGED_SLOT), newAuthority)
+            sstore(AUTH_MANAGED_SLOT, newAuthority)
         }
     }
 
@@ -148,7 +148,7 @@ abstract contract AuthManaged is IAuthManaged {
     function _assertAuthorized(address user, bytes4 selector) internal view virtual {
         assembly ("memory-safe") {
             let ptr := mload(0x40)
-            let manager := sload(MANAGED_SLOT)
+            let manager := sload(AUTH_MANAGED_SLOT)
 
             mstore(ptr, CAN_CALL)
             mstore(add(ptr, 0x04), user)

src/auth/managed/AuthManager.sol

@@ -42,19 +42,14 @@ import { IAuthority } from "./IAuthority.sol";
 /// users with at least one role matching the allowed roles (bits 0 to 253) in
 /// the function’s bitmask.
 ///
-/// # Pausing
-///
-/// Target contracts can be paused. When paused, all functions with the `auth`
-/// modifier on that contract are blocked. Note, unmanaged functions (those
-/// without the `auth` modifier) remain callable.
-///
 /// # Owner
 ///
 /// All the permissions managed by this system can be modified by the owner of
 /// this instance. It is expected that this account will be highly secured.
 ///
-/// To determine the owner, this contract performs a self-staticcall to the
-/// `owner()` function - meaning any ERC-173 compliant contract is suitable.
+/// To determine the owner, this contract performs a staticcall to its own
+/// `owner()` function. This allows compatibility with any contract that adheres
+/// to the ERC-173 ownership standard.
 ///
 /// # Upgrade Compatible
 ///
@@ -69,32 +64,28 @@ import { IAuthority } from "./IAuthority.sol";
 /// - Solady.
 ///
 /// Thank you.
-contract AuthManager is IAuthority, IAuthManager {
+abstract contract AuthManager is IAuthManager, IAuthority {
     // -------------------------------------------------------------------------
     // Type Declarations
 
     /// @custom:storage-location erc7201:libsol.storage.AuthManager
     struct AuthManagerStorage {
         mapping(address => uint256) userRoles;
         mapping(address => mapping(bytes4 => uint256)) access;
-        mapping(address => bool) paused;
     }
 
     // -------------------------------------------------------------------------
     // State
 
     /// @dev keccak256(abi.encode(uint256(keccak256("libsol.storage.AuthManager")) - 1)) & ~bytes32(uint256(0xff))
-    bytes32 private constant MANAGER_SLOT = 0x938700b07e50a0d76711cd0ee77205e6b6a2709fd62fa43819e05a1a4baac400;
+    bytes32 private constant AUTH_MANAGER_SLOT = 0x938700b07e50a0d76711cd0ee77205e6b6a2709fd62fa43819e05a1a4baac400;
 
     /// @dev keccak256(bytes("UserRoleUpdated(address,uint8,bool)"))
     bytes32 private constant USER_ROLE_UPDATED = 0x4c9bdd0c8e073eb5eda2250b18d8e5121ff27b62064fbeeeed4869bb99bc5bf2;
 
     /// @dev keccak256(bytes("AccessUpdated(address,bytes4,uint8,bool)"))
     bytes32 private constant ACCESS_UPDATED = 0xdb20781f7ac6b1c66139899bc76388269b478dbb402af50576a4c997b473d564;
 
-    /// @dev keccak256(bytes("Paused(address,bool)"))
-    bytes32 private constant PAUSED = 0xe8699cf681560fd07de85543bd994263f4557bdc5179dd702f256d15fd083e1d;
-
     /// @dev keccak256(bytes("AuthorityUpdated(address,address)"))
     bytes32 private constant AUTHORITY_UPDATED = 0xa3396fd7f6e0a21b50e5089d2da70d5ac0a3bbbd1f617a93f134b76389980198;
 
@@ -145,22 +136,6 @@ contract AuthManager is IAuthority, IAuthManager {
         _setAccess(target, selector, role, enabled);
     }
 
-    /// @inheritdoc IAuthManager
-    function setPaused(address target, bool enabled) public virtual {
-        _assertAuthManagerOwner();
-
-        assembly ("memory-safe") {
-            mstore(0x00, target)
-            mstore(0x20, add(MANAGER_SLOT, 2))
-            let slot := keccak256(0x00, 0x40)
-
-            sstore(slot, enabled)
-
-            mstore(0x00, enabled)
-            log2(0x00, 0x20, PAUSED, target)
-        }
-    }
-
     /// @inheritdoc IAuthority
     function setAuthority(address target, address newAuthority) public virtual {
         _assertAuthManagerOwner();
@@ -181,24 +156,14 @@ contract AuthManager is IAuthority, IAuthManager {
     /// @inheritdoc IAuthority
     function canCall(address user, address target, bytes4 selector) public view virtual returns (bool result) {
         assembly ("memory-safe") {
-            // Check whether the target contract is paused.
-            mstore(0x00, target)
-            mstore(0x20, add(MANAGER_SLOT, 2))
-            let slot := keccak256(0x00, 0x40)
-
-            if sload(slot) {
-                mstore(0x00, 0x00)
-                return(0x00, 0x20)
-            }
-
             // Retrieve the target function's access rules.
             mstore(0x00, target)
-            mstore(0x20, add(MANAGER_SLOT, 1))
+            mstore(0x20, add(AUTH_MANAGER_SLOT, 1))
             let innerSlot := keccak256(0x00, 0x40)
 
             mstore(0x00, selector)
             mstore(0x20, innerSlot)
-            slot := keccak256(0x00, 0x40)
+            let slot := keccak256(0x00, 0x40)
 
             let accessMask := sload(slot)
 
@@ -219,7 +184,7 @@ contract AuthManager is IAuthority, IAuthManager {
 
             // Retrieve the user's active roles.
             mstore(0x00, user)
-            mstore(0x20, MANAGER_SLOT)
+            mstore(0x20, AUTH_MANAGER_SLOT)
             slot := keccak256(0x00, 0x40)
 
             let roles := sload(slot)
@@ -233,7 +198,7 @@ contract AuthManager is IAuthority, IAuthManager {
     function userRoles(address user) public view virtual returns (uint256 result) {
         assembly ("memory-safe") {
             mstore(0x00, user)
-            mstore(0x20, MANAGER_SLOT)
+            mstore(0x20, AUTH_MANAGER_SLOT)
             let slot := keccak256(0x00, 0x40)
 
             result := sload(slot)
@@ -244,7 +209,7 @@ contract AuthManager is IAuthority, IAuthManager {
     function hasRole(address user, uint8 role) public view virtual returns (bool result) {
         assembly ("memory-safe") {
             mstore(0x00, user)
-            mstore(0x20, MANAGER_SLOT)
+            mstore(0x20, AUTH_MANAGER_SLOT)
             let slot := keccak256(0x00, 0x40)
 
             result := iszero(iszero(and(sload(slot), shl(role, 1))))
@@ -255,7 +220,7 @@ contract AuthManager is IAuthority, IAuthManager {
     function functionAccess(address target, bytes4 selector) public view virtual returns (uint256 result) {
         assembly ("memory-safe") {
             mstore(0x00, target)
-            mstore(0x20, add(MANAGER_SLOT, 1))
+            mstore(0x20, add(AUTH_MANAGER_SLOT, 1))
             let innerSlot := keccak256(0x00, 0x40)
 
             mstore(0x00, selector)
@@ -268,7 +233,7 @@ contract AuthManager is IAuthority, IAuthManager {
     function roleHasAccess(address target, bytes4 selector, uint8 role) public view virtual returns (bool result) {
         assembly ("memory-safe") {
             mstore(0x00, target)
-            mstore(0x20, add(MANAGER_SLOT, 1))
+            mstore(0x20, add(AUTH_MANAGER_SLOT, 1))
             let innerSlot := keccak256(0x00, 0x40)
 
             mstore(0x00, selector)
@@ -284,7 +249,7 @@ contract AuthManager is IAuthority, IAuthManager {
     function isFunctionClosed(address target, bytes4 selector) public view virtual returns (bool result) {
         assembly ("memory-safe") {
             mstore(0x00, target)
-            mstore(0x20, add(MANAGER_SLOT, 1))
+            mstore(0x20, add(AUTH_MANAGER_SLOT, 1))
             let innerSlot := keccak256(0x00, 0x40)
 
             mstore(0x00, selector)
@@ -300,7 +265,7 @@ contract AuthManager is IAuthority, IAuthManager {
     function isFunctionPublic(address target, bytes4 selector) public view virtual returns (bool result) {
         assembly ("memory-safe") {
             mstore(0x00, target)
-            mstore(0x20, add(MANAGER_SLOT, 1))
+            mstore(0x20, add(AUTH_MANAGER_SLOT, 1))
             let innerSlot := keccak256(0x00, 0x40)
 
             mstore(0x00, selector)
@@ -312,15 +277,6 @@ contract AuthManager is IAuthority, IAuthManager {
         }
     }
 
-    /// @inheritdoc IAuthManager
-    function isPaused(address target) public view virtual returns (bool result) {
-        assembly ("memory-safe") {
-            mstore(0x00, target)
-            mstore(0x20, add(MANAGER_SLOT, 2))
-            result := sload(keccak256(0x00, 0x40))
-        }
-    }
-
     // -------------------------------------------------------------------------
     // Functions - Internal
 
@@ -337,7 +293,7 @@ contract AuthManager is IAuthority, IAuthManager {
     function _setUserRole(address user, uint8 role, bool enabled) internal virtual {
         assembly ("memory-safe") {
             mstore(0x00, user)
-            mstore(0x20, MANAGER_SLOT)
+            mstore(0x20, AUTH_MANAGER_SLOT)
             let slot := keccak256(0x00, 0x40)
 
             switch enabled
@@ -363,7 +319,7 @@ contract AuthManager is IAuthority, IAuthManager {
     function _setAccess(address target, bytes4 selector, uint8 shift, bool enabled) internal virtual {
         assembly ("memory-safe") {
             mstore(0x00, target)
-            mstore(0x20, add(MANAGER_SLOT, 1))
+            mstore(0x20, add(AUTH_MANAGER_SLOT, 1))
             let innerSlot := keccak256(0x00, 0x40)
 
             mstore(0x00, selector)

src/auth/managed/IAuthManaged.sol

@@ -32,6 +32,8 @@ interface IAuthManaged {
     ///
     /// @dev Requirements:
     /// - Only callable by the current Authority.
+    ///
+    /// Emits an `AuthorityUpdated` event.
     function setAuthority(address newAuthority) external;
 
     /// @notice Returns the current Authority.

src/auth/managed/IAuthManager.sol

@@ -26,23 +26,11 @@ interface IAuthManager {
     /// @param enabled  Whether the role was enabled.
     event AccessUpdated(address indexed target, bytes4 indexed selector, uint8 indexed role, bool enabled);
 
-    /// @notice Emitted when a target contract's paused status has been updated.
-    ///
-    /// @param target   The target contract.
-    /// @param enabled  Whether the target contract has been paused.
-    event Paused(address indexed target, bool enabled);
-
-    /// @notice Emitted when a target contract's Authority is updated.
-    ///
-    /// @param target       The target contract.
-    /// @param newAuthority The address of the new Authority.
-    event AuthorityUpdated(address indexed target, address indexed newAuthority);
-
     // -------------------------------------------------------------------------
     // Errors
 
-    /// @notice Raised when a caller does not have permission to invoke a
-    /// target function.
+    /// @notice Raised when a caller does not have permission to invoke a target
+    /// function.
     error AuthManager__Unauthorized();
 
     /// @notice Raised when attempting to set an invalid role.
@@ -102,17 +90,6 @@ interface IAuthManager {
     /// Emits an `AccessUpdated` event.
     function setRoleAccess(address target, bytes4 selector, uint8 role, bool enabled) external;
 
-    /// @notice Pauses or unpauses a target contract.
-    ///
-    /// @param target   The address of the target contract.
-    /// @param enabled  True to pause the contract, false to unpause it.
-    ///
-    /// @dev Requirements:
-    /// - Only callable by the owner.
-    ///
-    /// Emits a `Paused` event.
-    function setPaused(address target, bool enabled) external;
-
     /// @notice Retrieves the role bitmask for a user.
     ///
     /// @param user The address of the user.
@@ -165,11 +142,4 @@ interface IAuthManager {
     ///
     /// @return result True if the function is public, false otherwise.
     function isFunctionPublic(address target, bytes4 selector) external view returns (bool result);
-
-    /// @notice Checks whether a target contract is paused.
-    ///
-    /// @param target The address of the target contract.
-    ///
-    /// @return result True if the target contract is paused, false otherwise.
-    function isPaused(address target) external view returns (bool result);
 }

src/auth/managed/IAuthority.sol

@@ -6,8 +6,20 @@ pragma solidity ^0.8.20;
 ///
 /// @author TSxo
 ///
-/// @notice Interface for permissioning.
+/// @notice Defines the core functions required of an Authority.
 interface IAuthority {
+    // -------------------------------------------------------------------------
+    // Events
+
+    /// @notice Emitted when a target contract's Authority is updated.
+    ///
+    /// @param target       The target contract.
+    /// @param newAuthority The address of the new Authority.
+    event AuthorityUpdated(address indexed target, address indexed newAuthority);
+
+    // -------------------------------------------------------------------------
+    // Functions
+
     /// @notice Checks whether a caller is allowed to invoke a specific function
     /// on a target contract.
     ///