wip on freeze

thedavidmeister · thedavidmeister · commit b2c7e4c6b872 · 2025-03-10T12:18:47.000+04:00
diff --git a/src/concrete/authorize/OffchainAssetReceiptVaultAuthorizerV1.sol b/src/concrete/authorize/OffchainAssetReceiptVaultAuthorizerV1.sol
@@ -46,12 +46,6 @@ bytes32 constant DEPOSIT_ADMIN = keccak256("DEPOSIT_ADMIN");
 /// @dev Rolename for withdraw admins.
 bytes32 constant WITHDRAW_ADMIN = keccak256("WITHDRAW_ADMIN");
 
-/// @dev Rolename for handlers.
-/// Handler role is required to accept tokens during system freeze.
-bytes32 constant FREEZE_HANDLER = keccak256("FREEZE_HANDLER");
-/// @dev Rolename for handler admins.
-bytes32 constant FREEZE_HANDLER_ADMIN = keccak256("FREEZE_HANDLER_ADMIN");
-
 /// @dev Configuration for the OffchainAssetReceiptVaultAuthorizorV1.
 /// @param initialAdmin The initial admin of the contract.
 /// @param authorizee The address that is authorized to perform actions.
@@ -106,15 +100,11 @@ contract OffchainAssetReceiptVaultAuthorizerV1 is IAuthorizeV1, ICloneableV2, Ac
         _setRoleAdmin(WITHDRAW, WITHDRAW_ADMIN);
         _setRoleAdmin(WITHDRAW_ADMIN, WITHDRAW_ADMIN);
 
-        _setRoleAdmin(FREEZE_HANDLER, FREEZE_HANDLER_ADMIN);
-        _setRoleAdmin(FREEZE_HANDLER_ADMIN, FREEZE_HANDLER_ADMIN);
-
         _grantRole(CERTIFY_ADMIN, config.initialAdmin);
         _grantRole(CONFISCATE_RECEIPT_ADMIN, config.initialAdmin);
         _grantRole(CONFISCATE_SHARES_ADMIN, config.initialAdmin);
         _grantRole(DEPOSIT_ADMIN, config.initialAdmin);
         _grantRole(WITHDRAW_ADMIN, config.initialAdmin);
-        _grantRole(FREEZE_HANDLER_ADMIN, config.initialAdmin);
 
         return ICLONEABLE_V2_SUCCESS;
     }
@@ -173,13 +163,6 @@ contract OffchainAssetReceiptVaultAuthorizerV1 is IAuthorizeV1, ICloneableV2, Ac
 
             // Everyone else can only transfer while the certification is valid.
             if (isCertificationExpired) {
-                // Handlers can ALWAYS send and receive funds.
-                // Handlers bypass BOTH the timestamp on certification AND tier based
-                // restriction.
-                if (hasRole(FREEZE_HANDLER, from) || hasRole(FREEZE_HANDLER, to)) {
-                    return;
-                }
-
                 // Minting and burning is always allowed for the respective roles if they
                 // interact directly with the shares/receipt. Minting and burning is ALSO
                 // valid after the certification expires as it is likely the only way to
@@ -188,10 +171,13 @@ contract OffchainAssetReceiptVaultAuthorizerV1 is IAuthorizeV1, ICloneableV2, Ac
                     return;
                 }
 
-                // Confiscation is always allowed as it likely represents some kind of
-                // regulatory/legal requirement. It may also be required to satisfy
-                // certification requirements.
-                if (hasRole(CONFISCATE_SHARES, to) || hasRole(CONFISCATE_RECEIPT, to)) {
+                // Confiscators bypass the certification check when they are the
+                // user. This allows for legal confiscation during system freeze
+                // and for certification repair.
+                if (
+                    (permission == TRANSFER_SHARES && hasRole(CONFISCATE_SHARES, user))
+                        || (permission == TRANSFER_RECEIPT && hasRole(CONFISCATE_RECEIPT, user))
+                ) {
                     return;
                 }
 
diff --git a/test/src/concrete/authorize/OffchainAssetReceiptVaultAuthorizerV1.authorize.t.sol b/test/src/concrete/authorize/OffchainAssetReceiptVaultAuthorizerV1.authorize.t.sol
@@ -17,7 +17,6 @@ import {
     CONFISCATE_SHARES,
     DEPOSIT,
     WITHDRAW,
-    FREEZE_HANDLER,
     CertificationExpired
 } from "src/concrete/authorize/OffchainAssetReceiptVaultAuthorizerV1.sol";
 import {CloneFactory} from "rain.factory/concrete/CloneFactory.sol";
@@ -72,13 +71,12 @@ contract OffchainAssetReceiptVaultAuthorizerV1AuthorizeTest is Test {
         OffchainAssetReceiptVaultAuthorizerV1 authorizer =
             OffchainAssetReceiptVaultAuthorizerV1(factory.clone(address(authorizerImplementation), abi.encode(config)));
 
-        bytes32[] memory roles = new bytes32[](6);
+        bytes32[] memory roles = new bytes32[](5);
         roles[0] = CERTIFY;
         roles[1] = CONFISCATE_SHARES;
         roles[2] = CONFISCATE_RECEIPT;
         roles[3] = DEPOSIT;
         roles[4] = WITHDRAW;
-        roles[5] = FREEZE_HANDLER;
 
         for (uint256 i = 0; i < roles.length; i++) {
             vm.assertTrue(!authorizer.hasRole(roles[i], user));
diff --git a/test/src/concrete/authorize/OffchainAssetReceiptVaultAuthorizerV1.construct.t.sol b/test/src/concrete/authorize/OffchainAssetReceiptVaultAuthorizerV1.construct.t.sol
@@ -12,8 +12,6 @@ import {
     CONFISCATE_RECEIPT_ADMIN,
     DEPOSIT_ADMIN,
     WITHDRAW_ADMIN,
-    FREEZE_HANDLER_ADMIN,
-    FREEZE_HANDLER,
     CERTIFY,
     CONFISCATE_SHARES,
     CONFISCATE_RECEIPT,
@@ -49,13 +47,11 @@ contract OffchainAssetReceiptVaultAuthorizerV1ConstructTest is Test {
         vm.assume(badRole != CONFISCATE_RECEIPT_ADMIN);
         vm.assume(badRole != DEPOSIT_ADMIN);
         vm.assume(badRole != WITHDRAW_ADMIN);
-        vm.assume(badRole != FREEZE_HANDLER_ADMIN);
         vm.assume(badRole != CERTIFY);
         vm.assume(badRole != CONFISCATE_SHARES);
         vm.assume(badRole != CONFISCATE_RECEIPT);
         vm.assume(badRole != DEPOSIT);
         vm.assume(badRole != WITHDRAW);
-        vm.assume(badRole != FREEZE_HANDLER);
 
         OffchainAssetReceiptVaultAuthorizerV1 authorizerImplementation = new OffchainAssetReceiptVaultAuthorizerV1();
 
@@ -76,30 +72,26 @@ contract OffchainAssetReceiptVaultAuthorizerV1ConstructTest is Test {
         vm.assertTrue(authorizer.hasRole(CONFISCATE_RECEIPT_ADMIN, initialAdmin));
         vm.assertTrue(authorizer.hasRole(DEPOSIT_ADMIN, initialAdmin));
         vm.assertTrue(authorizer.hasRole(WITHDRAW_ADMIN, initialAdmin));
-        vm.assertTrue(authorizer.hasRole(FREEZE_HANDLER_ADMIN, initialAdmin));
 
         vm.assertTrue(!authorizer.hasRole(CERTIFY, initialAdmin));
         vm.assertTrue(!authorizer.hasRole(CONFISCATE_SHARES, initialAdmin));
         vm.assertTrue(!authorizer.hasRole(CONFISCATE_RECEIPT, initialAdmin));
         vm.assertTrue(!authorizer.hasRole(DEPOSIT, initialAdmin));
         vm.assertTrue(!authorizer.hasRole(WITHDRAW, initialAdmin));
-        vm.assertTrue(!authorizer.hasRole(FREEZE_HANDLER, initialAdmin));
         vm.assertTrue(!authorizer.hasRole(badRole, initialAdmin));
 
         vm.assertTrue(!authorizer.hasRole(CERTIFY_ADMIN, authorizee));
         vm.assertTrue(!authorizer.hasRole(CONFISCATE_SHARES_ADMIN, authorizee));
         vm.assertTrue(!authorizer.hasRole(CONFISCATE_RECEIPT_ADMIN, authorizee));
         vm.assertTrue(!authorizer.hasRole(DEPOSIT_ADMIN, authorizee));
         vm.assertTrue(!authorizer.hasRole(WITHDRAW_ADMIN, authorizee));
-        vm.assertTrue(!authorizer.hasRole(FREEZE_HANDLER_ADMIN, authorizee));
         vm.assertTrue(!authorizer.hasRole(badRole, authorizee));
 
         vm.assertTrue(!authorizer.hasRole(CERTIFY, authorizee));
         vm.assertTrue(!authorizer.hasRole(CONFISCATE_SHARES, authorizee));
         vm.assertTrue(!authorizer.hasRole(CONFISCATE_RECEIPT, authorizee));
         vm.assertTrue(!authorizer.hasRole(DEPOSIT, authorizee));
         vm.assertTrue(!authorizer.hasRole(WITHDRAW, authorizee));
-        vm.assertTrue(!authorizer.hasRole(FREEZE_HANDLER, authorizee));
         vm.assertTrue(!authorizer.hasRole(badRole, authorizee));
 
         vm.startPrank(initialAdmin);
@@ -108,15 +100,13 @@ contract OffchainAssetReceiptVaultAuthorizerV1ConstructTest is Test {
         authorizer.grantRole(CONFISCATE_RECEIPT, authorizee);
         authorizer.grantRole(DEPOSIT, authorizee);
         authorizer.grantRole(WITHDRAW, authorizee);
-        authorizer.grantRole(FREEZE_HANDLER, authorizee);
         vm.stopPrank();
 
         vm.assertTrue(authorizer.hasRole(CERTIFY, authorizee));
         vm.assertTrue(authorizer.hasRole(CONFISCATE_SHARES, authorizee));
         vm.assertTrue(authorizer.hasRole(CONFISCATE_RECEIPT, authorizee));
         vm.assertTrue(authorizer.hasRole(DEPOSIT, authorizee));
         vm.assertTrue(authorizer.hasRole(WITHDRAW, authorizee));
-        vm.assertTrue(authorizer.hasRole(FREEZE_HANDLER, authorizee));
         vm.assertTrue(!authorizer.hasRole(badRole, authorizee));
     }
 
diff --git a/test/src/concrete/vault/OffchainAssetReceiptVault.authorizeReceiptTransfer.t.sol b/test/src/concrete/vault/OffchainAssetReceiptVault.authorizeReceiptTransfer.t.sol
@@ -9,8 +9,7 @@ import {
 import {LibUniqueAddressesGenerator} from "../../../lib/LibUniqueAddressesGenerator.sol";
 import {
     OffchainAssetReceiptVaultAuthorizerV1,
-    CertificationExpired,
-    FREEZE_HANDLER
+    CertificationExpired
 } from "src/concrete/authorize/OffchainAssetReceiptVaultAuthorizerV1.sol";
 import {UnmanagedReceiptTransfer} from "src/interface/IReceiptManagerV2.sol";
 
@@ -120,7 +119,8 @@ contract OffchainAssetReceiptVaultAuthorizeReceiptTransferTest is OffchainAssetR
         vm.stopPrank();
     }
 
-    /// Test AuthorizeReceiptTransfer does not revert without certification if transfers involve a handler role
+    /// Test AuthorizeReceiptTransfer does not revert without certification if
+    /// transfers involve a handler role
     function testAuthorizeReceiptTransferForHandlerFrom(
         uint256 aliceSeed,
         uint256 bobSeed,
@@ -137,7 +137,7 @@ contract OffchainAssetReceiptVaultAuthorizeReceiptTransferTest is OffchainAssetR
 
         // Prank as Alice to set role
         vm.startPrank(alice);
-        OffchainAssetReceiptVaultAuthorizerV1(address(vault.authorizer())).grantRole(FREEZE_HANDLER, bob);
+        // OffchainAssetReceiptVaultAuthorizerV1(address(vault.authorizer())).grantRole(FREEZE_HANDLER, bob);
 
         vm.startPrank(address(vault.receipt()));
 
@@ -147,7 +147,7 @@ contract OffchainAssetReceiptVaultAuthorizeReceiptTransferTest is OffchainAssetR
 
         vm.startPrank(alice);
         // Grant handler role to alice.
-        OffchainAssetReceiptVaultAuthorizerV1(address(vault.authorizer())).grantRole(FREEZE_HANDLER, alice);
+        // OffchainAssetReceiptVaultAuthorizerV1(address(vault.authorizer())).grantRole(FREEZE_HANDLER, alice);
 
         vm.startPrank(address(vault.receipt()));
 
diff --git a/test/src/concrete/vault/OffchainAssetReceiptVault.handler.t.sol b/test/src/concrete/vault/OffchainAssetReceiptVault.handler.t.sol
@@ -2,14 +2,16 @@
 // SPDX-FileCopyrightText: Copyright (c) 2020 Rain Open Source Software Ltd
 pragma solidity =0.8.25;
 
-import {OffchainAssetReceiptVault, DEPOSIT, CERTIFY} from "src/concrete/vault/OffchainAssetReceiptVault.sol";
+import {
+    OffchainAssetReceiptVault,
+    DEPOSIT,
+    CERTIFY,
+    CONFISCATE_RECEIPT
+} from "src/concrete/vault/OffchainAssetReceiptVault.sol";
 import {OffchainAssetReceiptVaultTest, Vm} from "test/abstract/OffchainAssetReceiptVaultTest.sol";
 import {LibOffchainAssetVaultCreator} from "test/lib/LibOffchainAssetVaultCreator.sol";
 import {Receipt as ReceiptContract} from "src/concrete/receipt/Receipt.sol";
-import {
-    OffchainAssetReceiptVaultAuthorizerV1,
-    FREEZE_HANDLER
-} from "src/concrete/authorize/OffchainAssetReceiptVaultAuthorizerV1.sol";
+import {OffchainAssetReceiptVaultAuthorizerV1} from "src/concrete/authorize/OffchainAssetReceiptVaultAuthorizerV1.sol";
 import {LibUniqueAddressesGenerator} from "../../../lib/LibUniqueAddressesGenerator.sol";
 
 contract OffchainAssetReceiptVaultHandlerTest is OffchainAssetReceiptVaultTest {
@@ -69,7 +71,7 @@ contract OffchainAssetReceiptVaultHandlerTest is OffchainAssetReceiptVaultTest {
         vm.startPrank(alice);
 
         OffchainAssetReceiptVaultAuthorizerV1(address(vault.authorizer())).grantRole(CERTIFY, alice);
-        OffchainAssetReceiptVaultAuthorizerV1(address(vault.authorizer())).grantRole(FREEZE_HANDLER, bob);
+        // OffchainAssetReceiptVaultAuthorizerV1(address(vault.authorizer())).grantRole(FREEZE_HANDLER, bob);
         OffchainAssetReceiptVaultAuthorizerV1(address(vault.authorizer())).grantRole(DEPOSIT, alice);
 
         // Call the certify function
@@ -124,7 +126,7 @@ contract OffchainAssetReceiptVaultHandlerTest is OffchainAssetReceiptVaultTest {
         vm.startPrank(alice);
 
         OffchainAssetReceiptVaultAuthorizerV1(address(vault.authorizer())).grantRole(CERTIFY, alice);
-        OffchainAssetReceiptVaultAuthorizerV1(address(vault.authorizer())).grantRole(FREEZE_HANDLER, bob);
+        // OffchainAssetReceiptVaultAuthorizerV1(address(vault.authorizer())).grantRole(FREEZE_HANDLER, bob);
         OffchainAssetReceiptVaultAuthorizerV1(address(vault.authorizer())).grantRole(DEPOSIT, alice);
 
         // Call the certify function
@@ -180,7 +182,7 @@ contract OffchainAssetReceiptVaultHandlerTest is OffchainAssetReceiptVaultTest {
         vm.startPrank(alice);
 
         OffchainAssetReceiptVaultAuthorizerV1(address(vault.authorizer())).grantRole(CERTIFY, alice);
-        OffchainAssetReceiptVaultAuthorizerV1(address(vault.authorizer())).grantRole(FREEZE_HANDLER, john);
+        // OffchainAssetReceiptVaultAuthorizerV1(address(vault.authorizer())).grantRole(CONFISCATE_RECEIPT, john);
         OffchainAssetReceiptVaultAuthorizerV1(address(vault.authorizer())).grantRole(DEPOSIT, alice);
 
         // Call the certify function
diff --git a/test/src/concrete/vault/OffchainAssetReceiptVault.roles.t.sol b/test/src/concrete/vault/OffchainAssetReceiptVault.roles.t.sol
@@ -26,13 +26,11 @@ import {
     CERTIFY_ADMIN,
     CONFISCATE_RECEIPT_ADMIN,
     CONFISCATE_SHARES_ADMIN,
-    FREEZE_HANDLER_ADMIN,
     DEPOSIT_ADMIN,
     WITHDRAW_ADMIN,
     DEPOSIT,
     WITHDRAW,
     CERTIFY,
-    FREEZE_HANDLER,
     CONFISCATE_RECEIPT,
     CONFISCATE_SHARES
 } from "src/concrete/authorize/OffchainAssetReceiptVaultAuthorizerV1.sol";
@@ -47,9 +45,6 @@ contract RolesTest is OffchainAssetReceiptVaultTest {
         assertTrue(OffchainAssetReceiptVaultAuthorizerV1(address(vault.authorizer())).hasRole(DEPOSIT_ADMIN, alice));
         assertTrue(OffchainAssetReceiptVaultAuthorizerV1(address(vault.authorizer())).hasRole(WITHDRAW_ADMIN, alice));
         assertTrue(OffchainAssetReceiptVaultAuthorizerV1(address(vault.authorizer())).hasRole(CERTIFY_ADMIN, alice));
-        assertTrue(
-            OffchainAssetReceiptVaultAuthorizerV1(address(vault.authorizer())).hasRole(FREEZE_HANDLER_ADMIN, alice)
-        );
         assertTrue(
             OffchainAssetReceiptVaultAuthorizerV1(address(vault.authorizer())).hasRole(CONFISCATE_RECEIPT_ADMIN, alice)
         );
@@ -60,7 +55,6 @@ contract RolesTest is OffchainAssetReceiptVaultTest {
         assertTrue(!OffchainAssetReceiptVaultAuthorizerV1(address(vault.authorizer())).hasRole(DEPOSIT, alice));
         assertTrue(!OffchainAssetReceiptVaultAuthorizerV1(address(vault.authorizer())).hasRole(WITHDRAW, alice));
         assertTrue(!OffchainAssetReceiptVaultAuthorizerV1(address(vault.authorizer())).hasRole(CERTIFY, alice));
-        assertTrue(!OffchainAssetReceiptVaultAuthorizerV1(address(vault.authorizer())).hasRole(FREEZE_HANDLER, alice));
         assertTrue(
             !OffchainAssetReceiptVaultAuthorizerV1(address(vault.authorizer())).hasRole(CONFISCATE_RECEIPT, alice)
         );
