KintoXYZ · ylv-io · Dec 6, 2024 · Nov 27, 2024 · Nov 28, 2024 · Nov 28, 2024
diff --git a/src/KintoID.sol b/src/KintoID.sol
@@ -43,6 +43,10 @@
 
     bytes32 public constant override KYC_PROVIDER_ROLE = keccak256("KYC_PROVIDER_ROLE");
     bytes32 public constant override UPGRADER_ROLE = keccak256("UPGRADER_ROLE");
+    bytes32 public constant override GOVERNANCE_ROLE = keccak256("GOVERNANCE_ROLE");
+
+    address public immutable override walletFactory;
+    address public immutable override faucet;
 
     /* ============ State Variables ============ */
 
@@ -63,8 +67,12 @@
     // Indicates which accounts are allowed to transfer their Kinto ID to another account
     mapping(address => address) public override recoveryTargets;
 
-    address public immutable override walletFactory;
-    address public immutable override faucet;
+    /// @notice DEPRECATED: Address of an wallet factory.
+    address private __walletFactory;
+
+    /// @notice Mapping of an user to a timestamp of when sanction was applied last time.
+    mapping(address => uint256) public sanctionedAt;
+
     /* ============ Constructor & Initializers ============ */
 
     /// @custom:oz-upgrades-unsafe-allow constructor
@@ -315,6 +323,9 @@
             meta.updatedAt = block.timestamp;
             lastMonitoredAt = block.timestamp;
             emit SanctionAdded(_account, _countryId, block.timestamp);
+
+            // Set the timestamp when the sanction was added
+            sanctionedAt[_account] = block.timestamp;
         }
     }
 
@@ -361,7 +372,14 @@
      * @return true if the account is sanctions safe.
      */
     function isSanctionsSafe(address _account) public view virtual override returns (bool) {
-        return isSanctionsMonitored(7) && _kycmetas[_account].sanctionsCount == 0;
+        Metadata storage meta = _kycmetas[_account];
+        if (meta.sanctionsCount > 0 || !isSanctionsMonitored(7)) {
+            // If the sanction is not confirmed within 3 days, consider the account sanctions safe
+            return (block.timestamp - sanctionedAt[_account]) > 3 days;
+        }
+
+        // If the account has no sanctions, consider it sanctions safe
+        return true;
     }
 
     /**
@@ -371,7 +389,18 @@
      * @return true if the account is sanctions safe in a given country.
      */
     function isSanctionsSafeIn(address _account, uint16 _countryId) external view virtual override returns (bool) {
-        return isSanctionsMonitored(7) && !_kycmetas[_account].sanctions.get(_countryId);
+        if (_kycmetas[_account].sanctions.get(_countryId) || !isSanctionsMonitored(7)) {
+            // If the sanction is not confirmed within 3 days, consider the account sanctions safe
+            return (block.timestamp - sanctionedAt[_account]) > 3 days;
+        }
+
+        // If the account has no sanctions, consider it sanctions safe
+        return true;
+    }
+
+    function confirmSanction(address _account) external onlyRole(GOVERNANCE_ROLE) {
+        // reset sanction timestamp to make the sanction indefinte
+        sanctionedAt[_account] = 0;
     }
 
     /**
@@ -386,7 +415,7 @@
     /**
      * @dev Returns whether the KYC account is an individual
      * @param _account account to be checked.
-     * @return true if the account is an indivdual.
+     * @return true if the account is an individual.
      */
     function isIndividual(address _account) external view override returns (bool) {
         return _kycmetas[_account].individual;

diff --git a/src/interfaces/IKintoID.sol b/src/interfaces/IKintoID.sol
@@ -92,6 +92,8 @@ interface IKintoID {
 
     function UPGRADER_ROLE() external view returns (bytes32);
 
+    function GOVERNANCE_ROLE() external view returns (bytes32);
+
     function lastMonitoredAt() external view returns (uint256);
 
     function nonces(address _account) external view returns (uint256);

diff --git a/test/unit/KintoID.t.sol b/test/unit/KintoID.t.sol
@@ -381,9 +381,33 @@ contract KintoIDTest is SharedSetup {
         traits[0] = 1;
         _kintoID.mintIndividualKyc(sigdata, traits);
         _kintoID.addSanction(_user, 1);
+
+        assertEq(_kintoID.isSanctionsSafeIn(_user, 1), false);
+        assertEq(_kintoID.isSanctionsSafe(_user), false);
+        assertEq(_kintoID.lastMonitoredAt(), block.timestamp);
+    }
+
+    function testAddSanction_WhenNotConfirmed() public {
+        vm.startPrank(_kycProvider);
+        IKintoID.SignatureData memory sigdata = _auxCreateSignature(_kintoID, _user, _userPk, block.timestamp + 1000);
+        uint16[] memory traits = new uint16[](1);
+        traits[0] = 1;
+        _kintoID.mintIndividualKyc(sigdata, traits);
+        _kintoID.addSanction(_user, 1);
+
         assertEq(_kintoID.isSanctionsSafeIn(_user, 1), false);
         assertEq(_kintoID.isSanctionsSafe(_user), false);
         assertEq(_kintoID.lastMonitoredAt(), block.timestamp);
+        assertEq(_kintoID.sanctionedAt(_user), block.timestamp);
+
+        uint256 sanctionTime = block.timestamp;
+
+        vm.warp(block.timestamp + 3 days + 1);
+
+        assertEq(_kintoID.isSanctionsSafeIn(_user, 1), true);
+        assertEq(_kintoID.isSanctionsSafe(_user), true);
+        assertEq(_kintoID.lastMonitoredAt(), sanctionTime);
+        assertEq(_kintoID.sanctionedAt(_user), sanctionTime);
     }
 
     function testRemoveSancion() public {