From e56cbf86ff0ae073d712f0ba25d9ba5ca37d351c Mon Sep 17 00:00:00 2001
From: Shane Earley <shanejearley@gmail.com>
Date: Tue, 22 Aug 2023 17:24:25 -0400
Subject: [PATCH] Restrict payable functions set for admin functionality

---
 contracts/ethereum/src/v1/CasimirManager.sol   | 18 +++++++++++++++---
 contracts/ethereum/src/v1/CasimirPool.sol      |  6 ++++--
 .../src/v1/interfaces/ICasimirManager.sol      |  2 +-
 3 files changed, 20 insertions(+), 6 deletions(-)

diff --git a/contracts/ethereum/src/v1/CasimirManager.sol b/contracts/ethereum/src/v1/CasimirManager.sol
index e59600bea..e1e4c9dc0 100644
--- a/contracts/ethereum/src/v1/CasimirManager.sol
+++ b/contracts/ethereum/src/v1/CasimirManager.sol
@@ -291,9 +291,14 @@ contract CasimirManager is ICasimirManager, Ownable, ReentrancyGuard {
     }
 
     /**
-     * @notice Deposit a given amount of rewards
+     * @notice Deposit a given amount of rewards from a pool
+     * @param poolId The pool ID
      */
-    function depositRewards() external payable {
+    function depositRewards(uint32 poolId) external payable {
+        require(msg.value > 0, "No rewards to deposit");
+        address poolAddress = poolAddresses[poolId];
+        require(msg.sender == poolAddress, "Not pool");
+
         uint256 rewardsAfterFees = subtractFees(msg.value);
         reservedFeeBalance += msg.value - rewardsAfterFees;
         distributeStake(rewardsAfterFees);
@@ -766,8 +771,15 @@ contract CasimirManager is ICasimirManager, Ownable, ReentrancyGuard {
 
         while (count > 0) {
             count--;
-
             uint32 poolId = pendingPoolIds[0];
+            ICasimirPool pool = ICasimirPool(poolAddresses[poolId]);
+            ICasimirPool.PoolDetails memory poolDetails = pool.getDetails();
+            require(
+                poolDetails.status == ICasimirPool.PoolStatus.PENDING,
+                "Pool not pending"
+            );
+
+            pool.setStatus(ICasimirPool.PoolStatus.ACTIVE);
             pendingPoolIds.remove(0);
             stakedPoolIds.push(poolId);
 
diff --git a/contracts/ethereum/src/v1/CasimirPool.sol b/contracts/ethereum/src/v1/CasimirPool.sol
index 933cbb3c2..eab5ce3c7 100644
--- a/contracts/ethereum/src/v1/CasimirPool.sol
+++ b/contracts/ethereum/src/v1/CasimirPool.sol
@@ -69,8 +69,10 @@ contract CasimirPool is ICasimirPool, Ownable, ReentrancyGuard {
      * @notice Deposit rewards from a pool to the manager
      */
     function depositRewards() external onlyOwner {
+        require(status == PoolStatus.ACTIVE, "Pool must be active");
+
         uint256 balance = address(this).balance;
-        manager.depositRewards{value: balance}();
+        manager.depositRewards{value: balance}(id);
     }
 
     /**
@@ -83,7 +85,7 @@ contract CasimirPool is ICasimirPool, Ownable, ReentrancyGuard {
         uint256 balance = address(this).balance;
         int256 rewards = int256(balance) - int256(POOL_CAPACITY);
         if (rewards > 0) {
-            manager.depositRewards{value: uint256(rewards)}();
+            manager.depositRewards{value: uint256(rewards)}(id);
         }
         for (uint256 i = 0; i < blamePercents.length; i++) {
             uint256 blameAmount;
diff --git a/contracts/ethereum/src/v1/interfaces/ICasimirManager.sol b/contracts/ethereum/src/v1/interfaces/ICasimirManager.sol
index 985892597..3b6405151 100644
--- a/contracts/ethereum/src/v1/interfaces/ICasimirManager.sol
+++ b/contracts/ethereum/src/v1/interfaces/ICasimirManager.sol
@@ -70,7 +70,7 @@ interface ICasimirManager {
     /*************/
 
     function depositStake() external payable;
-    function depositRewards() external payable;
+    function depositRewards(uint32 poolId) external payable;
     function depositExitedBalance(uint32 poolId) external payable;
     function depositRecoveredBalance(uint32 poolId) external payable;
     function depositReservedFees() external payable;