fix: add pauser role to tss

v2/contracts/evm/ERC20Custody.sol

@@ -59,6 +59,7 @@ contract ERC20Custody is
         tssAddress = tssAddress_;
         _grantRole(DEFAULT_ADMIN_ROLE, admin_);
         _grantRole(PAUSER_ROLE, admin_);
+        _grantRole(PAUSER_ROLE, tssAddress_);
         _grantRole(WITHDRAWER_ROLE, tssAddress_);
         _grantRole(WHITELISTER_ROLE, admin_);
         _grantRole(WHITELISTER_ROLE, tssAddress_);

v2/contracts/evm/GatewayEVM.sol

@@ -63,6 +63,7 @@ contract GatewayEVM is
 
         _grantRole(DEFAULT_ADMIN_ROLE, admin_);
         _grantRole(PAUSER_ROLE, admin_);
+        _grantRole(PAUSER_ROLE, tssAddress_);
         tssAddress = tssAddress_;
         _grantRole(TSS_ROLE, tssAddress_);
 

v2/contracts/evm/ZetaConnectorBase.sol

@@ -72,6 +72,7 @@ abstract contract ZetaConnectorBase is
         _grantRole(WITHDRAWER_ROLE, tssAddress_);
         _grantRole(TSS_ROLE, tssAddress_);
         _grantRole(PAUSER_ROLE, admin_);
+        _grantRole(PAUSER_ROLE, tssAddress_);
     }
 
     /// @dev Authorizes the upgrade of the contract, sender must be owner.

v2/test/ERC20Custody.t.sol

@@ -33,6 +33,7 @@ contract ERC20CustodyTest is Test, IGatewayEVMErrors, IGatewayEVMEvents, IReceiv
     address owner;
     address destination;
     address tssAddress;
+    address foo;
     RevertContext revertContext;
 
     error EnforcedPause();
@@ -53,6 +54,7 @@ contract ERC20CustodyTest is Test, IGatewayEVMErrors, IGatewayEVMEvents, IReceiv
         owner = address(this);
         destination = address(0x1234);
         tssAddress = address(0x5678);
+        foo = address(0x9876);
 
         token = new TestERC20("test", "TTK");
         zeta = new TestERC20("zeta", "ZETA");
@@ -221,15 +223,15 @@ contract ERC20CustodyTest is Test, IGatewayEVMErrors, IGatewayEVMEvents, IReceiv
     }
 
     function testForwardCallToReceiveERC20ThroughCustodyTogglePause() public {
-        vm.prank(tssAddress);
-        vm.expectRevert(abi.encodeWithSelector(AccessControlUnauthorizedAccount.selector, tssAddress, PAUSER_ROLE));
+        vm.prank(foo);
+        vm.expectRevert(abi.encodeWithSelector(AccessControlUnauthorizedAccount.selector, foo, PAUSER_ROLE));
         custody.pause();
 
-        vm.prank(tssAddress);
-        vm.expectRevert(abi.encodeWithSelector(AccessControlUnauthorizedAccount.selector, tssAddress, PAUSER_ROLE));
+        vm.prank(foo);
+        vm.expectRevert(abi.encodeWithSelector(AccessControlUnauthorizedAccount.selector, foo, PAUSER_ROLE));
         gateway.unpause();
 
-        vm.prank(owner);
+        vm.prank(tssAddress);
         custody.pause();
 
         uint256 amount = 100_000;

v2/test/GatewayEVM.t.sol

@@ -34,6 +34,7 @@ contract GatewayEVMTest is Test, IGatewayEVMErrors, IGatewayEVMEvents, IReceiver
     address owner;
     address destination;
     address tssAddress;
+    address foo;
     RevertOptions revertOptions;
     RevertContext revertContext;
 
@@ -52,6 +53,7 @@ contract GatewayEVMTest is Test, IGatewayEVMErrors, IGatewayEVMEvents, IReceiver
         owner = address(this);
         destination = address(0x1234);
         tssAddress = address(0x5678);
+        foo = address(0x9876);
 
         token = new TestERC20("test", "TTK");
 
@@ -281,15 +283,15 @@ contract GatewayEVMTest is Test, IGatewayEVMErrors, IGatewayEVMEvents, IReceiver
     }
 
     function testForwardCallToReceiveNoParamsTogglePause() public {
-        vm.prank(tssAddress);
-        vm.expectRevert(abi.encodeWithSelector(AccessControlUnauthorizedAccount.selector, tssAddress, PAUSER_ROLE));
+        vm.prank(foo);
+        vm.expectRevert(abi.encodeWithSelector(AccessControlUnauthorizedAccount.selector, foo, PAUSER_ROLE));
         gateway.pause();
 
-        vm.prank(tssAddress);
-        vm.expectRevert(abi.encodeWithSelector(AccessControlUnauthorizedAccount.selector, tssAddress, PAUSER_ROLE));
+        vm.prank(foo);
+        vm.expectRevert(abi.encodeWithSelector(AccessControlUnauthorizedAccount.selector, foo, PAUSER_ROLE));
         gateway.unpause();
 
-        vm.prank(owner);
+        vm.prank(tssAddress);
         gateway.pause();
 
         bytes memory data = abi.encodeWithSignature("receiveNoParams()");

v2/test/ZetaConnectorNative.t.sol

@@ -39,6 +39,7 @@ contract ZetaConnectorNativeTest is
     address owner;
     address destination;
     address tssAddress;
+    address foo;
     RevertContext revertContext;
 
     error EnforcedPause();
@@ -55,6 +56,7 @@ contract ZetaConnectorNativeTest is
         owner = address(this);
         destination = address(0x1234);
         tssAddress = address(0x5678);
+        foo = address(0x9876);
 
         zetaToken = new TestERC20("zeta", "ZETA");
 
@@ -151,15 +153,15 @@ contract ZetaConnectorNativeTest is
         uint256 amount = 100_000;
         bytes32 internalSendHash = "";
 
-        vm.prank(tssAddress);
-        vm.expectRevert(abi.encodeWithSelector(AccessControlUnauthorizedAccount.selector, tssAddress, PAUSER_ROLE));
+        vm.prank(foo);
+        vm.expectRevert(abi.encodeWithSelector(AccessControlUnauthorizedAccount.selector, foo, PAUSER_ROLE));
         zetaConnector.pause();
 
-        vm.prank(tssAddress);
-        vm.expectRevert(abi.encodeWithSelector(AccessControlUnauthorizedAccount.selector, tssAddress, PAUSER_ROLE));
+        vm.prank(foo);
+        vm.expectRevert(abi.encodeWithSelector(AccessControlUnauthorizedAccount.selector, foo, PAUSER_ROLE));
         zetaConnector.unpause();
 
-        vm.prank(owner);
+        vm.prank(tssAddress);
         zetaConnector.pause();
 
         vm.expectRevert(EnforcedPause.selector);

v2/test/ZetaConnectorNonNative.t.sol

@@ -39,6 +39,7 @@ contract ZetaConnectorNonNativeTest is
     address owner;
     address destination;
     address tssAddress;
+    address foo;
     RevertContext revertContext;
 
     error AccessControlUnauthorizedAccount(address account, bytes32 neededRole);
@@ -55,6 +56,7 @@ contract ZetaConnectorNonNativeTest is
         owner = address(this);
         destination = address(0x1234);
         tssAddress = address(0x5678);
+        foo = address(0x9876);
 
         zetaToken = new ZetaNonEth(tssAddress, tssAddress);
 
@@ -109,15 +111,15 @@ contract ZetaConnectorNonNativeTest is
         uint256 amount = 100_000;
         bytes32 internalSendHash = "";
 
-        vm.prank(tssAddress);
-        vm.expectRevert(abi.encodeWithSelector(AccessControlUnauthorizedAccount.selector, tssAddress, PAUSER_ROLE));
+        vm.prank(foo);
+        vm.expectRevert(abi.encodeWithSelector(AccessControlUnauthorizedAccount.selector, foo, PAUSER_ROLE));
         zetaConnector.pause();
 
-        vm.prank(tssAddress);
-        vm.expectRevert(abi.encodeWithSelector(AccessControlUnauthorizedAccount.selector, tssAddress, PAUSER_ROLE));
+        vm.prank(foo);
+        vm.expectRevert(abi.encodeWithSelector(AccessControlUnauthorizedAccount.selector, foo, PAUSER_ROLE));
         zetaConnector.unpause();
 
-        vm.prank(owner);
+        vm.prank(tssAddress);
         zetaConnector.pause();
 
         vm.expectRevert(EnforcedPause.selector);

v2/test/utils/upgrades/GatewayEVMUpgradeTest.sol

@@ -65,6 +65,7 @@ contract GatewayEVMUpgradeTest is
 
         _grantRole(DEFAULT_ADMIN_ROLE, admin_);
         _grantRole(PAUSER_ROLE, admin_);
+        _grantRole(PAUSER_ROLE, tssAddress_);
         tssAddress = tssAddress_;
         _grantRole(TSS_ROLE, tssAddress_);