166 lines
5.3 KiB
Solidity
166 lines
5.3 KiB
Solidity
|
|
// SPDX-License-Identifier: MIT
|
||
|
|
pragma solidity ^0.8.20;
|
||
|
|
|
||
|
|
import "@openzeppelin/contracts/access/AccessControl.sol";
|
||
|
|
import "../interop/BridgeEscrowVault.sol";
|
||
|
|
import "../../emoney/PolicyManager.sol";
|
||
|
|
import "../../emoney/ComplianceRegistry.sol";
|
||
|
|
|
||
|
|
/**
|
||
|
|
* @title eMoneyPolicyEnforcer
|
||
|
|
* @notice Enforces eMoney transfer restrictions on bridge operations
|
||
|
|
* @dev Integrates PolicyManager and ComplianceRegistry with bridge
|
||
|
|
*/
|
||
|
|
contract eMoneyPolicyEnforcer is AccessControl {
|
||
|
|
bytes32 public constant ENFORCER_ROLE = keccak256("ENFORCER_ROLE");
|
||
|
|
bytes32 public constant OPERATOR_ROLE = keccak256("OPERATOR_ROLE");
|
||
|
|
|
||
|
|
BridgeEscrowVault public bridgeEscrowVault;
|
||
|
|
PolicyManager public policyManager;
|
||
|
|
ComplianceRegistry public complianceRegistry;
|
||
|
|
mapping(address => bool) public enabledTokens; // eMoney token => enabled
|
||
|
|
|
||
|
|
event TokenEnabled(address indexed token, bool enabled);
|
||
|
|
event TransferAuthorized(
|
||
|
|
address indexed token,
|
||
|
|
address indexed from,
|
||
|
|
address indexed to,
|
||
|
|
uint256 amount,
|
||
|
|
bool authorized
|
||
|
|
);
|
||
|
|
|
||
|
|
error TransferNotAuthorized();
|
||
|
|
error TokenNotEnabled();
|
||
|
|
error InvalidToken();
|
||
|
|
|
||
|
|
constructor(
|
||
|
|
address admin,
|
||
|
|
address bridgeEscrowVault_,
|
||
|
|
address policyManager_,
|
||
|
|
address complianceRegistry_
|
||
|
|
) {
|
||
|
|
_grantRole(DEFAULT_ADMIN_ROLE, admin);
|
||
|
|
_grantRole(ENFORCER_ROLE, admin);
|
||
|
|
_grantRole(OPERATOR_ROLE, admin);
|
||
|
|
|
||
|
|
require(bridgeEscrowVault_ != address(0), "eMoneyPolicyEnforcer: zero bridge");
|
||
|
|
require(policyManager_ != address(0), "eMoneyPolicyEnforcer: zero policy manager");
|
||
|
|
require(complianceRegistry_ != address(0), "eMoneyPolicyEnforcer: zero compliance registry");
|
||
|
|
|
||
|
|
bridgeEscrowVault = BridgeEscrowVault(bridgeEscrowVault_);
|
||
|
|
policyManager = PolicyManager(policyManager_);
|
||
|
|
complianceRegistry = ComplianceRegistry(complianceRegistry_);
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
* @notice Check if transfer is authorized before bridge operation
|
||
|
|
* @param token eMoney token address
|
||
|
|
* @param from Source address
|
||
|
|
* @param to Destination address (bridge escrow)
|
||
|
|
* @param amount Amount to bridge
|
||
|
|
* @return authorized True if transfer is authorized
|
||
|
|
*/
|
||
|
|
function checkTransferAuthorization(
|
||
|
|
address token,
|
||
|
|
address from,
|
||
|
|
address to,
|
||
|
|
uint256 amount
|
||
|
|
) external returns (bool authorized) {
|
||
|
|
if (!enabledTokens[token]) revert TokenNotEnabled();
|
||
|
|
|
||
|
|
// Check PolicyManager authorization
|
||
|
|
(bool isAuthorized, bytes32 reasonCode) = policyManager.canTransfer(
|
||
|
|
token,
|
||
|
|
from,
|
||
|
|
to,
|
||
|
|
amount
|
||
|
|
);
|
||
|
|
|
||
|
|
if (!isAuthorized) {
|
||
|
|
emit TransferAuthorized(token, from, to, amount, false);
|
||
|
|
revert TransferNotAuthorized();
|
||
|
|
}
|
||
|
|
|
||
|
|
// Check ComplianceRegistry restrictions
|
||
|
|
bool complianceAllowed = complianceRegistry.canTransfer(token, from, to, amount);
|
||
|
|
|
||
|
|
if (!complianceAllowed) {
|
||
|
|
emit TransferAuthorized(token, from, to, amount, false);
|
||
|
|
revert TransferNotAuthorized();
|
||
|
|
}
|
||
|
|
|
||
|
|
emit TransferAuthorized(token, from, to, amount, true);
|
||
|
|
authorized = true;
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
* @notice Check transfer authorization with additional context
|
||
|
|
* @param token eMoney token address
|
||
|
|
* @param from Source address
|
||
|
|
* @param to Destination address
|
||
|
|
* @param amount Amount to transfer
|
||
|
|
* @param context Additional context data
|
||
|
|
* @return authorized True if transfer is authorized
|
||
|
|
*/
|
||
|
|
function checkTransferAuthorizationWithContext(
|
||
|
|
address token,
|
||
|
|
address from,
|
||
|
|
address to,
|
||
|
|
uint256 amount,
|
||
|
|
bytes memory context
|
||
|
|
) external returns (bool authorized) {
|
||
|
|
if (!enabledTokens[token]) revert TokenNotEnabled();
|
||
|
|
|
||
|
|
// Check PolicyManager with context
|
||
|
|
(bool isAuthorized, bytes32 reasonCode) = policyManager.canTransferWithContext(
|
||
|
|
token,
|
||
|
|
from,
|
||
|
|
to,
|
||
|
|
amount,
|
||
|
|
context
|
||
|
|
);
|
||
|
|
|
||
|
|
if (!isAuthorized) {
|
||
|
|
emit TransferAuthorized(token, from, to, amount, false);
|
||
|
|
revert TransferNotAuthorized();
|
||
|
|
}
|
||
|
|
|
||
|
|
// Check ComplianceRegistry
|
||
|
|
bool complianceAllowed = complianceRegistry.canTransfer(token, from, to, amount);
|
||
|
|
|
||
|
|
if (!complianceAllowed) {
|
||
|
|
emit TransferAuthorized(token, from, to, amount, false);
|
||
|
|
revert TransferNotAuthorized();
|
||
|
|
}
|
||
|
|
|
||
|
|
emit TransferAuthorized(token, from, to, amount, true);
|
||
|
|
authorized = true;
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
* @notice Enable an eMoney token for policy enforcement
|
||
|
|
* @param token eMoney token address
|
||
|
|
*/
|
||
|
|
function enableToken(address token) external onlyRole(OPERATOR_ROLE) {
|
||
|
|
require(token != address(0), "eMoneyPolicyEnforcer: zero token");
|
||
|
|
enabledTokens[token] = true;
|
||
|
|
emit TokenEnabled(token, true);
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
* @notice Disable an eMoney token
|
||
|
|
* @param token eMoney token address
|
||
|
|
*/
|
||
|
|
function disableToken(address token) external onlyRole(OPERATOR_ROLE) {
|
||
|
|
enabledTokens[token] = false;
|
||
|
|
emit TokenEnabled(token, false);
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
* @notice Check if token is enabled
|
||
|
|
*/
|
||
|
|
function isTokenEnabled(address token) external view returns (bool) {
|
||
|
|
return enabledTokens[token];
|
||
|
|
}
|
||
|
|
}
|