
Emergency Killswitch: add timelock bypass-prevention tests for schedule_unpause and pause-cancels-schedule#748

Merged
Baskarayelu merged 4 commits into Remitwise-Org:main from Menjay7:jay1 on Jun 18, 2026

Conversation

@Menjay7 Menjay7 commented Jun 17, 2026


PR: Emergency Killswitch: Add Timelock Bypass-Prevention Tests for schedule_unpause and pause-cancels-schedule
Summary

Add comprehensive test coverage to ensure the Emergency Killswitch's unpause flow cannot bypass timelock requirements and that invoking pause invalidates any previously scheduled unpause operations.

These tests strengthen the safety guarantees of the emergency controls and prevent unintended or premature reactivation of the system.

Problem

The current test suite does not fully validate security-critical edge cases around unpausing:

schedule_unpause timelock enforcement is not comprehensively tested.
There is insufficient coverage preventing immediate or premature unpauses.
Existing unpause schedules may remain active after a subsequent pause.
Future changes could introduce state inconsistencies or bypass vectors.
Emergency recovery procedures rely on strict and deterministic timing semantics.
Solution

Introduce dedicated tests covering timelock bypass prevention and schedule invalidation behavior.

Test Coverage
Timelock Bypass Prevention

Verify that an unpause cannot occur before the configured timelock expires.

T0 → schedule_unpause()
T0 + 1m → unpause() ❌ Rejected
T0 + 1h → unpause() ❌ Rejected
T0 + TTL → unpause() ✅ Allowed

Assertions:

Unpause fails before the timelock expires.
Scheduled timestamps cannot be manipulated to bypass delays.
System remains paused until the timelock is satisfied.
Multiple premature unpause attempts do not mutate state.
Pause Cancels Scheduled Unpause

Verify that invoking pause clears any pending unpause schedule.

T0 → schedule_unpause()
T0 + 1h → pause()
T0 + TTL → unpause() ❌ Rejected

New schedule required:
schedule_unpause()
→ Wait for timelock
→ unpause() ✅ Allowed

Assertions:

Pending schedules are invalidated on pause.
Old schedules cannot be reused.
A fresh schedule is required after re-entering the paused state.
State transitions remain deterministic.
Implementation Details

Added tests that:

Schedule unpause operations with configurable timelocks.
Advance simulated time to boundary conditions.
Attempt unpauses before, at, and after expiration thresholds.
Trigger additional pause operations after scheduling.
Verify schedule invalidation and state consistency.
Confirm behavior remains deterministic across repeated executions.
Edge Cases Covered
Zero pending schedules.
Multiple consecutive schedule_unpause calls.
Repeated premature unpause attempts.
Pause immediately after scheduling.
Pause immediately before timelock expiration.
Unpause exactly at the timelock boundary.
Multiple pause/unpause scheduling cycles.
Stale schedule replay attempts.
Example Assertions
// Starting state: the system is paused and no unpause has been scheduled,
// so a direct unpause must be rejected.
assert!(is_paused());
assert!(unpause().is_err());

// A pause clears any pending unpause schedule.
pause();
assert!(scheduled_unpause().is_none());

// A fresh schedule starts the timelock; one unit short of expiry is still rejected.
schedule_unpause();
advance_time(TIMELOCK - 1);
assert!(unpause().is_err());

// Exactly at the timelock boundary the unpause is allowed.
advance_time(1);
assert!(unpause().is_ok());
Testing Benefits
Prevents timelock bypass regressions.
Ensures emergency controls maintain strict recovery guarantees.
Eliminates stale unpause schedule replay scenarios.
Validates deterministic state transitions across pause cycles.
Strengthens confidence in the Emergency Killswitch's security model.
Breaking Changes

None.

This PR adds automated test coverage only and does not modify runtime behavior.

Closes: Missing security-focused test coverage for schedule_unpause timelock enforcement and pause-triggered unpause schedule invalidation in the Emergency killswitch flow... (Closed, #733)
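The two invariants this PR pins down (an unpause cannot run before its timelock expires, and a pause cancels any pending schedule) as an added Rust model with simulated time. This is example code, not the Remitwise-Org repository's contract; `Killswitch`, `UnpauseError`, `TIMELOCK` and the method names are assumptions modelled on the PR's wording, not the project's real API.

```rust
// Added example, not the Remitwise-Org project's code: a minimal killswitch
// whose unpause is gated by a timelock, driven by simulated time so the
// invariants can be checked deterministically. All names here are assumed.

pub const TIMELOCK: u64 = 24 * 3600; // assumed timelock length in seconds
#[derive(Debug, PartialEq)]
pub enum UnpauseError {
    NotPaused,
    NotScheduled,
    TimelockActive { remaining: u64 },
}
pub struct Killswitch {
    now: u64,                // simulated clock, seconds
    paused: bool,
    unpause_at: Option<u64>, // earliest time an unpause may succeed
}

impl Killswitch {
    pub fn new_paused() -> Self { Self { now: 0, paused: true, unpause_at: None } }
    pub fn is_paused(&self) -> bool { self.paused }
    pub fn scheduled_unpause(&self) -> Option<u64> { self.unpause_at }
    pub fn advance_time(&mut self, secs: u64) { self.now += secs; }

    /// Pause always wins and discards any pending schedule, so a stale
    /// schedule can never be replayed after a later pause.
    pub fn pause(&mut self) {
        self.paused = true;
        self.unpause_at = None;
    }

    /// Starts (or restarts) the timelock from the current time; a repeat
    /// call can only push the deadline later, never earlier.
    pub fn schedule_unpause(&mut self) {
        self.unpause_at = Some(self.now + TIMELOCK);
    }

    /// Succeeds only with a live schedule whose timelock has expired;
    /// a rejected attempt leaves every field untouched.
    pub fn unpause(&mut self) -> Result<(), UnpauseError> {
        if !self.paused { return Err(UnpauseError::NotPaused); }
        let at = self.unpause_at.ok_or(UnpauseError::NotScheduled)?;
        if self.now < at {
            return Err(UnpauseError::TimelockActive { remaining: at - self.now });
        }
        self.paused = false;
        self.unpause_at = None;
        Ok(())
    }
}
```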

@Baskarayelu Baskarayelu merged commit c2eacdf into Remitwise-Org:main Jun 18, 2026
2 of 6 checks passed
@Baskarayelu

Merged after rebasing - good to have the killswitch timelock bypass pinned down, especially schedule_unpause and the pause-cancels-schedule invariant. 🔐
