Add timelocked transfer to SafeOwnable

contracts/access/ownable/ISafeOwnable.sol → contracts/access/ownable/safe/ISafeOwnable.sol

@@ -2,7 +2,7 @@
 
 pragma solidity ^0.8.24;
 
-import { IOwnable } from './IOwnable.sol';
+import { IOwnable } from '../IOwnable.sol';
 import { _ISafeOwnable } from './_ISafeOwnable.sol';
 
 interface ISafeOwnable is _ISafeOwnable, IOwnable {

contracts/access/ownable/SafeOwnable.sol → contracts/access/ownable/safe/SafeOwnable.sol

@@ -2,9 +2,9 @@
 
 pragma solidity ^0.8.24;
 
-import { Ownable } from './Ownable.sol';
+import { Ownable } from '../Ownable.sol';
+import { _Ownable } from '../_Ownable.sol';
 import { ISafeOwnable } from './ISafeOwnable.sol';
-import { _Ownable } from './_Ownable.sol';
 import { _SafeOwnable } from './_SafeOwnable.sol';
 
 /**

contracts/access/ownable/safe/_ISafeOwnable.sol

@@ -0,0 +1,16 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.24;
+
+import { timestamp } from '../../../utils/time/Timestamp.sol';
+import { _IOwnable } from '../_IOwnable.sol';
+
+interface _ISafeOwnable is _IOwnable {
+    event OwnershipTransferInitiated(
+        address indexed previousOwner,
+        address indexed newOwner,
+        timestamp timelockEndTimestamp
+    );
+
+    error SafeOwnable__NotNomineeOwner();
+}

contracts/access/ownable/safe/_SafeOwnable.sol

@@ -0,0 +1,108 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.24;
+
+import { ERC173Storage } from '../../../storage/ERC173Storage.sol';
+import { Duration, duration } from '../../../utils/time/Duration.sol';
+import { Timelock, timelock } from '../../../utils/time/Timelock.sol';
+import { _Ownable } from '../_Ownable.sol';
+import { _ISafeOwnable } from './_ISafeOwnable.sol';
+
+abstract contract _SafeOwnable is _ISafeOwnable, _Ownable {
+    modifier onlyNomineeOwner() {
+        if (_msgSender() != _nomineeOwner())
+            revert SafeOwnable__NotNomineeOwner();
+        _;
+    }
+
+    /**
+     * @notice get the nominated owner who has permission to call acceptOwnership
+     */
+    function _nomineeOwner() internal view virtual returns (address) {
+        return
+            ERC173Storage
+                .layout(ERC173Storage.DEFAULT_STORAGE_SLOT)
+                .nomineeOwner;
+    }
+
+    /**
+     * @notice query the waiting period after an ownership transfer is initiated before the nomineeOwner can claim ownership
+     * @return transferTimelockDuration duration of waiting period
+     */
+    function _getTransferTimelockDuration()
+        internal
+        view
+        virtual
+        returns (duration transferTimelockDuration)
+    {
+        transferTimelockDuration = ERC173Storage
+            .layout(ERC173Storage.DEFAULT_STORAGE_SLOT)
+            .transferTimelockDuration;
+    }
+
+    /**
+     * @notice accept transfer of contract ownership
+     */
+    function _acceptOwnership() internal virtual onlyNomineeOwner {
+        ERC173Storage.Layout storage $ = ERC173Storage.layout(
+            ERC173Storage.DEFAULT_STORAGE_SLOT
+        );
+
+        $.transferTimelock.requireUnlocked();
+
+        _setOwner(_msgSender());
+
+        delete $.nomineeOwner;
+    }
+
+    /**
+     * @notice grant permission to given address to claim contract ownership
+     */
+    function _transferOwnership(
+        address account
+    ) internal virtual override onlyOwner {
+        _setNomineeOwner(account);
+        timelock transferTimelock = _setTransferTimelock();
+        emit OwnershipTransferInitiated(
+            _owner(),
+            account,
+            transferTimelock.getEndTimestamp()
+        );
+    }
+
+    /**
+     * @notice set nominee owner
+     */
+    function _setNomineeOwner(address account) internal virtual {
+        ERC173Storage
+            .layout(ERC173Storage.DEFAULT_STORAGE_SLOT)
+            .nomineeOwner = account;
+    }
+
+    /**
+     * @notice set the transfer timelock relative to current timestamp
+     */
+    function _setTransferTimelock()
+        internal
+        virtual
+        returns (timelock transferTimelock)
+    {
+        transferTimelock = Timelock.create(_getTransferTimelockDuration());
+
+        ERC173Storage
+            .layout(ERC173Storage.DEFAULT_STORAGE_SLOT)
+            .transferTimelock = transferTimelock;
+    }
+
+    /**
+     * @notice set the duration used when creating transfer timelocks
+     * @param transferTimelockDuration duration of transfer timelock
+     */
+    function _setTransferTimelockDuration(
+        duration transferTimelockDuration
+    ) internal virtual {
+        ERC173Storage
+            .layout(ERC173Storage.DEFAULT_STORAGE_SLOT)
+            .transferTimelockDuration = transferTimelockDuration;
+    }
+}

contracts/index.sol

@@ -15,13 +15,13 @@ import './access/initializable/Initializable.sol';
 import './access/initializable/_IInitializable.sol';
 import './access/initializable/_Initializable.sol';
 import './access/ownable/IOwnable.sol';
-import './access/ownable/ISafeOwnable.sol';
 import './access/ownable/Ownable.sol';
-import './access/ownable/SafeOwnable.sol';
 import './access/ownable/_IOwnable.sol';
-import './access/ownable/_ISafeOwnable.sol';
 import './access/ownable/_Ownable.sol';
-import './access/ownable/_SafeOwnable.sol';
+import './access/ownable/safe/ISafeOwnable.sol';
+import './access/ownable/safe/SafeOwnable.sol';
+import './access/ownable/safe/_ISafeOwnable.sol';
+import './access/ownable/safe/_SafeOwnable.sol';
 import './access/partially_pausable/IPartiallyPausable.sol';
 import './access/partially_pausable/PartiallyPausable.sol';
 import './access/partially_pausable/_IPartiallyPausable.sol';
@@ -245,6 +245,7 @@ import './token/non_fungible/metadata/_INonFungibleTokenMetadata.sol';
 import './token/non_fungible/metadata/_NonFungibleTokenMetadata.sol';
 import './utils/Address.sol';
 import './utils/Array.sol';
+import './utils/Block.sol';
 import './utils/Bool.sol';
 import './utils/Bytes32.sol';
 import './utils/IMulticall.sol';
@@ -257,3 +258,6 @@ import './utils/SafeERC20.sol';
 import './utils/Uint256.sol';
 import './utils/_IMulticall.sol';
 import './utils/_Multicall.sol';
+import './utils/time/Duration.sol';
+import './utils/time/Timelock.sol';
+import './utils/time/Timestamp.sol';

contracts/storage/ERC173Storage.sol

@@ -3,6 +3,8 @@
 pragma solidity ^0.8.24;
 
 import { Slot } from '../data/Slot.sol';
+import { duration } from '../utils/time/Duration.sol';
+import { timelock } from '../utils/time/Timelock.sol';
 
 library ERC173Storage {
     /**
@@ -11,6 +13,8 @@ library ERC173Storage {
     struct Layout {
         address owner;
         address nomineeOwner;
+        timelock transferTimelock;
+        duration transferTimelockDuration;
     }
 
     Slot.StorageSlot internal constant DEFAULT_STORAGE_SLOT =

contracts/test/DurationTest.sol

@@ -0,0 +1,48 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.24;
+
+import { duration } from '../utils/time/Duration.sol';
+
+contract DurationTest {
+    function eq(duration d0, duration d1) external pure returns (bool status) {
+        status = d0 == d1;
+    }
+
+    function notEq(
+        duration d0,
+        duration d1
+    ) external pure returns (bool status) {
+        status = d0 != d1;
+    }
+
+    function gt(duration d0, duration d1) external pure returns (bool status) {
+        status = d0 > d1;
+    }
+
+    function lt(duration d0, duration d1) external pure returns (bool status) {
+        status = d0 < d1;
+    }
+
+    function gte(duration d0, duration d1) external pure returns (bool status) {
+        status = d0 >= d1;
+    }
+
+    function lte(duration d0, duration d1) external pure returns (bool status) {
+        status = d0 <= d1;
+    }
+
+    function add(
+        duration d0,
+        duration d1
+    ) external pure returns (duration result) {
+        result = d0 + d1;
+    }
+
+    function sub(
+        duration d0,
+        duration d1
+    ) external pure returns (duration result) {
+        result = d0 - d1;
+    }
+}

contracts/test/TimestampTest.sol

@@ -0,0 +1,49 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.24;
+
+import { timestamp } from '../utils/time/Timestamp.sol';
+
+contract TimestampTest {
+    function eq(
+        timestamp t0,
+        timestamp t1
+    ) external pure returns (bool status) {
+        status = t0 == t1;
+    }
+
+    function notEq(
+        timestamp t0,
+        timestamp t1
+    ) external pure returns (bool status) {
+        status = t0 != t1;
+    }
+
+    function gt(
+        timestamp t0,
+        timestamp t1
+    ) external pure returns (bool status) {
+        status = t0 > t1;
+    }
+
+    function lt(
+        timestamp t0,
+        timestamp t1
+    ) external pure returns (bool status) {
+        status = t0 < t1;
+    }
+
+    function gte(
+        timestamp t0,
+        timestamp t1
+    ) external pure returns (bool status) {
+        status = t0 >= t1;
+    }
+
+    function lte(
+        timestamp t0,
+        timestamp t1
+    ) external pure returns (bool status) {
+        status = t0 <= t1;
+    }
+}

contracts/utils/Block.sol

@@ -0,0 +1,17 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.24;
+
+import { timestamp as _timestamp } from './time/Timestamp.sol';
+
+library Block {
+    /**
+     * @notice replacement for block.timestamp which returns the current time as a Timestamp type
+     * @return blockTimestamp current timestamp
+     */
+    function timestamp() internal view returns (_timestamp blockTimestamp) {
+        assembly {
+            blockTimestamp := timestamp()
+        }
+    }
+}