feat(contracts): add emergency role to pause L1/L2ScrollMessenger (#975)

Co-authored-by: Péter Garamvölgyi <peter@scroll.io>
scroll-tech · Oct 7, 2023 · 7c742da · 7c742da
1 parent 0cdb0dc
commit 7c742da
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 96 deletions.
diff --git a/contracts/scripts/foundry/DeployL2RateLimiter.s.sol b/contracts/scripts/foundry/DeployL2RateLimiter.s.sol
diff --git a/contracts/scripts/foundry/InitializeL1ScrollOwner.s.sol b/contracts/scripts/foundry/InitializeL1ScrollOwner.s.sol
@@ -30,12 +30,14 @@ contract InitializeL1ScrollOwner is Script {
 
     bytes32 constant SECURITY_COUNCIL_NO_DELAY_ROLE = keccak256("SECURITY_COUNCIL_NO_DELAY_ROLE");
     bytes32 constant SCROLL_MULTISIG_NO_DELAY_ROLE = keccak256("SCROLL_MULTISIG_NO_DELAY_ROLE");
+    bytes32 constant EMERGENCY_MULTISIG_NO_DELAY_ROLE = keccak256("EMERGENCY_MULTISIG_NO_DELAY_ROLE");
 
     bytes32 constant TIMELOCK_1DAY_DELAY_ROLE = keccak256("TIMELOCK_1DAY_DELAY_ROLE");
     bytes32 constant TIMELOCK_7DAY_DELAY_ROLE = keccak256("TIMELOCK_7DAY_DELAY_ROLE");
 
     address SCROLL_MULTISIG_ADDR = vm.envAddress("L1_SCROLL_MULTISIG_ADDR");
     address SECURITY_COUNCIL_ADDR = vm.envAddress("L1_SECURITY_COUNCIL_ADDR");
+    address EMERGENCY_MULTISIG_ADDR = vm.envAddress("L1_EMERGENCY_MULTISIG_ADDR");
 
     address L1_SCROLL_OWNER_ADDR = vm.envAddress("L1_SCROLL_OWNER_ADDR");
     address L1_1D_TIMELOCK_ADDR = vm.envAddress("L1_1D_TIMELOCK_ADDR");
@@ -111,6 +113,7 @@ contract InitializeL1ScrollOwner is Script {
     function grantRoles() internal {
         owner.grantRole(SECURITY_COUNCIL_NO_DELAY_ROLE, SECURITY_COUNCIL_ADDR);
         owner.grantRole(SCROLL_MULTISIG_NO_DELAY_ROLE, SCROLL_MULTISIG_ADDR);
+        owner.grantRole(EMERGENCY_MULTISIG_NO_DELAY_ROLE, EMERGENCY_MULTISIG_ADDR);
         owner.grantRole(TIMELOCK_1DAY_DELAY_ROLE, L1_1D_TIMELOCK_ADDR);
         owner.grantRole(TIMELOCK_7DAY_DELAY_ROLE, L1_7D_TIMELOCK_ADDR);
 
@@ -131,20 +134,25 @@ contract InitializeL1ScrollOwner is Script {
     function configScrollChain() internal {
         bytes4[] memory _selectors;
 
-        // no delay, scroll multisig
-        _selectors = new bytes4[](5);
+        // no delay, scroll multisig and emergency multisig
+        _selectors = new bytes4[](4);
         _selectors[0] = ScrollChain.revertBatch.selector;
         _selectors[1] = ScrollChain.removeSequencer.selector;
         _selectors[2] = ScrollChain.removeProver.selector;
-        _selectors[3] = ScrollChain.updateMaxNumTxInChunk.selector;
-        _selectors[4] = ScrollChain.setPause.selector;
+        _selectors[3] = ScrollChain.setPause.selector;
         owner.updateAccess(L1_SCROLL_CHAIN_PROXY_ADDR, _selectors, SCROLL_MULTISIG_NO_DELAY_ROLE, true);
+        owner.updateAccess(L1_SCROLL_CHAIN_PROXY_ADDR, _selectors, EMERGENCY_MULTISIG_NO_DELAY_ROLE, true);
 
         // delay 1 day, scroll multisig
         _selectors = new bytes4[](2);
         _selectors[0] = ScrollChain.addSequencer.selector;
         _selectors[1] = ScrollChain.addProver.selector;
         owner.updateAccess(L1_SCROLL_CHAIN_PROXY_ADDR, _selectors, TIMELOCK_1DAY_DELAY_ROLE, true);
+
+        // delay 7 day, scroll multisig
+        _selectors = new bytes4[](1);
+        _selectors[0] = ScrollChain.updateMaxNumTxInChunk.selector;
+        owner.updateAccess(L1_SCROLL_CHAIN_PROXY_ADDR, _selectors, TIMELOCK_7DAY_DELAY_ROLE, true);
     }
 
     function configL1MessageQueue() internal {
@@ -160,10 +168,11 @@ contract InitializeL1ScrollOwner is Script {
     function configL1ScrollMessenger() internal {
         bytes4[] memory _selectors;
 
-        // no delay, scroll multisig
+        // no delay, scroll multisig and emergency multisig
         _selectors = new bytes4[](1);
         _selectors[0] = ScrollMessengerBase.setPause.selector;
         owner.updateAccess(L1_SCROLL_MESSENGER_PROXY_ADDR, _selectors, SCROLL_MULTISIG_NO_DELAY_ROLE, true);
+        owner.updateAccess(L1_SCROLL_MESSENGER_PROXY_ADDR, _selectors, EMERGENCY_MULTISIG_NO_DELAY_ROLE, true);
 
         // delay 1 day, scroll multisig
         _selectors = new bytes4[](1);
@@ -174,10 +183,11 @@ contract InitializeL1ScrollOwner is Script {
     function configL2GasPriceOracle() internal {
         bytes4[] memory _selectors;
 
-        // no delay, scroll multisig
+        // no delay, scroll multisig and emergency multisig
         _selectors = new bytes4[](1);
         _selectors[0] = L2GasPriceOracle.setIntrinsicParams.selector;
         owner.updateAccess(L2_GAS_PRICE_ORACLE_PROXY_ADDR, _selectors, SCROLL_MULTISIG_NO_DELAY_ROLE, true);
+        owner.updateAccess(L2_GAS_PRICE_ORACLE_PROXY_ADDR, _selectors, EMERGENCY_MULTISIG_NO_DELAY_ROLE, true);
     }
 
     function configL1Whitelist() internal {
@@ -254,10 +264,11 @@ contract InitializeL1ScrollOwner is Script {
     function configEnforcedTxGateway() internal {
         bytes4[] memory _selectors;
 
-        // no delay, scroll multisig
+        // no delay, scroll multisig and emergency multisig
         _selectors = new bytes4[](1);
         _selectors[0] = EnforcedTxGateway.setPause.selector;
         owner.updateAccess(L1_ENFORCED_TX_GATEWAY_PROXY_ADDR, _selectors, SCROLL_MULTISIG_NO_DELAY_ROLE, true);
+        owner.updateAccess(L1_ENFORCED_TX_GATEWAY_PROXY_ADDR, _selectors, EMERGENCY_MULTISIG_NO_DELAY_ROLE, true);
     }
     */
 }
diff --git a/contracts/scripts/foundry/InitializeL2ScrollOwner.s.sol b/contracts/scripts/foundry/InitializeL2ScrollOwner.s.sol
@@ -19,8 +19,6 @@ import {L1GasPriceOracle} from "../../src/L2/predeploys/L1GasPriceOracle.sol";
 import {L2TxFeeVault} from "../../src/L2/predeploys/L2TxFeeVault.sol";
 import {Whitelist} from "../../src/L2/predeploys/Whitelist.sol";
 import {ScrollOwner} from "../../src/misc/ScrollOwner.sol";
-import {ETHRateLimiter} from "../../src/rate-limiter/ETHRateLimiter.sol";
-import {TokenRateLimiter} from "../../src/rate-limiter/TokenRateLimiter.sol";
 
 // solhint-disable max-states-count
 // solhint-disable state-visibility
@@ -31,12 +29,14 @@ contract InitializeL2ScrollOwner is Script {
 
     bytes32 constant SECURITY_COUNCIL_NO_DELAY_ROLE = keccak256("SECURITY_COUNCIL_NO_DELAY_ROLE");
     bytes32 constant SCROLL_MULTISIG_NO_DELAY_ROLE = keccak256("SCROLL_MULTISIG_NO_DELAY_ROLE");
+    bytes32 constant EMERGENCY_MULTISIG_NO_DELAY_ROLE = keccak256("EMERGENCY_MULTISIG_NO_DELAY_ROLE");
 
     bytes32 constant TIMELOCK_1DAY_DELAY_ROLE = keccak256("TIMELOCK_1DAY_DELAY_ROLE");
     bytes32 constant TIMELOCK_7DAY_DELAY_ROLE = keccak256("TIMELOCK_7DAY_DELAY_ROLE");
 
     address SCROLL_MULTISIG_ADDR = vm.envAddress("L2_SCROLL_MULTISIG_ADDR");
     address SECURITY_COUNCIL_ADDR = vm.envAddress("L2_SECURITY_COUNCIL_ADDR");
+    address EMERGENCY_MULTISIG_ADDR = vm.envAddress("L2_EMERGENCY_MULTISIG_ADDR");
 
     address L2_SCROLL_OWNER_ADDR = vm.envAddress("L2_SCROLL_OWNER_ADDR");
     address L2_1D_TIMELOCK_ADDR = vm.envAddress("L2_1D_TIMELOCK_ADDR");
@@ -59,9 +59,6 @@ contract InitializeL2ScrollOwner is Script {
     address L2_ERC721_GATEWAY_PROXY_ADDR = vm.envAddress("L2_ERC721_GATEWAY_PROXY_ADDR");
     address L2_ERC1155_GATEWAY_PROXY_ADDR = vm.envAddress("L2_ERC1155_GATEWAY_PROXY_ADDR");
 
-    address L2_ETH_RATE_LIMITER_ADDR = vm.envAddress("L2_ETH_RATE_LIMITER_ADDR");
-    address L2_TOKEN_RATE_LIMITER_ADDR = vm.envAddress("L2_TOKEN_RATE_LIMITER_ADDR");
-
     ScrollOwner owner;
 
     function run() external {
@@ -79,8 +76,6 @@ contract InitializeL2ScrollOwner is Script {
         configL2CustomERC20Gateway();
         configL2ERC721Gateway();
         configL2ERC1155Gateway();
-        configETHRateLimiter();
-        configTokenRateLimiter();
 
         // @note comments out for testnet
         // configL2USDCGateway();
@@ -107,17 +102,12 @@ contract InitializeL2ScrollOwner is Script {
         Ownable(L2_ERC1155_GATEWAY_PROXY_ADDR).transferOwnership(address(owner));
 
         // Ownable(L2_USDC_GATEWAY_PROXY_ADDR).transferOwnership(address(owner));
-
-        Ownable(L2_ETH_RATE_LIMITER_ADDR).transferOwnership(address(owner));
-
-        TokenRateLimiter tokenRateLimiter = TokenRateLimiter(L2_TOKEN_RATE_LIMITER_ADDR);
-        tokenRateLimiter.grantRole(tokenRateLimiter.DEFAULT_ADMIN_ROLE(), address(owner));
-        tokenRateLimiter.revokeRole(tokenRateLimiter.DEFAULT_ADMIN_ROLE(), vm.addr(L2_DEPLOYER_PRIVATE_KEY));
     }
 
     function grantRoles() internal {
         owner.grantRole(SECURITY_COUNCIL_NO_DELAY_ROLE, SECURITY_COUNCIL_ADDR);
         owner.grantRole(SCROLL_MULTISIG_NO_DELAY_ROLE, SCROLL_MULTISIG_ADDR);
+        owner.grantRole(EMERGENCY_MULTISIG_NO_DELAY_ROLE, EMERGENCY_MULTISIG_ADDR);
         owner.grantRole(TIMELOCK_1DAY_DELAY_ROLE, L2_1D_TIMELOCK_ADDR);
         owner.grantRole(TIMELOCK_7DAY_DELAY_ROLE, L2_7D_TIMELOCK_ADDR);
 
@@ -138,20 +128,22 @@ contract InitializeL2ScrollOwner is Script {
     function configL1GasPriceOracle() internal {
         bytes4[] memory _selectors;
 
-        // no delay, scroll multisig
+        // no delay, scroll multisig and emergency multisig
         _selectors = new bytes4[](2);
         _selectors[0] = L1GasPriceOracle.setOverhead.selector;
         _selectors[1] = L1GasPriceOracle.setScalar.selector;
         owner.updateAccess(L1_GAS_PRICE_ORACLE_ADDR, _selectors, SCROLL_MULTISIG_NO_DELAY_ROLE, true);
+        owner.updateAccess(L1_GAS_PRICE_ORACLE_ADDR, _selectors, EMERGENCY_MULTISIG_NO_DELAY_ROLE, true);
     }
 
     function configL2TxFeeVault() internal {
         bytes4[] memory _selectors;
 
-        // no delay, scroll multisig
+        // no delay, scroll multisig and emergency multisig
         _selectors = new bytes4[](1);
         _selectors[0] = L2TxFeeVault.updateMinWithdrawAmount.selector;
         owner.updateAccess(L2_TX_FEE_VAULT_ADDR, _selectors, SCROLL_MULTISIG_NO_DELAY_ROLE, true);
+        owner.updateAccess(L2_TX_FEE_VAULT_ADDR, _selectors, EMERGENCY_MULTISIG_NO_DELAY_ROLE, true);
     }
 
     function configL2Whitelist() internal {
@@ -166,10 +158,11 @@ contract InitializeL2ScrollOwner is Script {
     function configL2ScrollMessenger() internal {
         bytes4[] memory _selectors;
 
-        // no delay, scroll multisig
+        // no delay, scroll multisig and emergency multisig
         _selectors = new bytes4[](1);
         _selectors[0] = ScrollMessengerBase.setPause.selector;
         owner.updateAccess(L2_SCROLL_MESSENGER_PROXY_ADDR, _selectors, SCROLL_MULTISIG_NO_DELAY_ROLE, true);
+        owner.updateAccess(L2_SCROLL_MESSENGER_PROXY_ADDR, _selectors, EMERGENCY_MULTISIG_NO_DELAY_ROLE, true);
     }
 
     function configL2GatewayRouter() internal {
@@ -208,30 +201,6 @@ contract InitializeL2ScrollOwner is Script {
         owner.updateAccess(L2_ERC1155_GATEWAY_PROXY_ADDR, _selectors, TIMELOCK_1DAY_DELAY_ROLE, true);
     }
 
-    function configETHRateLimiter() internal {
-        bytes4[] memory _selectors;
-
-        // no delay, scroll multisig
-        _selectors = new bytes4[](1);
-        _selectors[0] = ETHRateLimiter.updateTotalLimit.selector;
-        owner.updateAccess(L2_ETH_RATE_LIMITER_ADDR, _selectors, SCROLL_MULTISIG_NO_DELAY_ROLE, true);
-    }
-
-    function configTokenRateLimiter() internal {
-        bytes4[] memory _selectors;
-
-        // no delay, scroll multisig
-        _selectors = new bytes4[](2);
-        _selectors[0] = TokenRateLimiter.updateTotalLimit.selector;
-        _selectors[1] = AccessControl.grantRole.selector;
-        owner.updateAccess(L2_TOKEN_RATE_LIMITER_ADDR, _selectors, SCROLL_MULTISIG_NO_DELAY_ROLE, true);
-
-        // delay 7 day, scroll multisig
-        _selectors = new bytes4[](1);
-        _selectors[0] = AccessControl.revokeRole.selector;
-        owner.updateAccess(L2_TOKEN_RATE_LIMITER_ADDR, _selectors, TIMELOCK_7DAY_DELAY_ROLE, true);
-    }
-
     /*
     function configL2USDCGateway() internal {
         bytes4[] memory _selectors;