[Fix] - merge all audit fixes #2346

Open
thedarkjester wants to merge 32 commits into main from fix/merge-all-audit-fixes
@thedarkjester thedarkjester commented Feb 10, 2026

This PR implements issue(s) #

Checklist

  • I wrote new tests for my new core changes.
  • I have successfully run tests, style checker and build against my new changes locally.
  • I have informed the team of any breaking changes if there are any.

Note

High Risk
Touches core rollup/messaging/bridge upgrade paths and pausing behavior; incorrect version gating, slot clearing, or pause timing could break upgrades or emergency controls in production.

Overview
Hardens upgrade/initialization flows across core contracts by introducing InitializationVersionCheck and using onlyInitializedVersion(0) + reinitializer(N) in TokenBridge, L2MessageService, and LineaRollup, replacing prior proxy-admin gating and adding a new InitializedVersionWrong custom error.

Refactors reentrancy and upgrade-safety mechanics: the transient reentrancy guard now uses an explicit transient-storage key via tload/tstore, and upgrade reinitializers (reinitializeV3) clear legacy OZ reentrancy slots with an explicit guard (revert ReentrantCall if legacy slot indicates ENTERED). Multiple externally callable entrypoints were widened from external to public to support inheritance/overrides.

Reworks pausing semantics with per-type expiry (pauseTypeExpiryTimestamps), a new non-security-council pause window + cooldown (nonSecurityCouncilCooldownEnd), updated durations (48h/48h), and new events/errors (PausedIndefinitely, NonSecurityCouncilCooldownEndReset, OnlySecurityCouncilCanUnpauseIndefinitePause) plus a new SC-only resetNonSecurityCouncilCooldownEnd hook; tests and docs were updated accordingly. Also updates rollup init event (LineaRollupBaseInitialized) to include genesisShnarf, adds a new LineaRollup ABI artifact (LineaRollupV7.1.abi), and expands test helpers to read/write storage slots for upgrade simulation.

Written by Cursor Bugbot for commit 4aac3da. This will update automatically on new commits. Configure here.

@thedarkjester thedarkjester requested a review from a team as a code owner February 10, 2026 11:44
codecov-commenter commented Feb 10, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 61.40%. Comparing base (317ee4a) to head (4aac3da).
⚠️ Report is 20 commits behind head on main.

Additional details and impacted files
@@             Coverage Diff              @@
##               main    #2346      +/-   ##
============================================
+ Coverage     60.93%   61.40%   +0.47%     
  Complexity     1619     1619              
============================================
  Files           436      438       +2     
  Lines         17363    17220     -143     
  Branches       1908     1905       -3     
============================================
- Hits          10580    10574       -6     
+ Misses         6123     5994     -129     
+ Partials        660      652       -8     
Flag      Coverage Δ                      *Carryforward flag
hardhat   97.91% <100.00%> (+0.01%) ⬆️
kotlin    57.09% <ø> (+0.45%) ⬆️           Carriedforward from 7f2cdee

*This pull request uses carry forward flags. Click here to find out more.

Files with missing lines Coverage Δ
contracts/src/bridging/token/TokenBridge.sol 100.00% <100.00%> (ø)
contracts/src/bridging/token/TokenBridgeBase.sol 100.00% <100.00%> (ø)
...ontracts/src/common/InitializationVersionCheck.sol 100.00% <100.00%> (ø)
contracts/src/messaging/l1/L1MessageManager.sol 100.00% <ø> (ø)
contracts/src/messaging/l1/L1MessageService.sol 94.64% <100.00%> (ø)
...ontracts/src/messaging/l1/L1MessageServiceBase.sol 100.00% <ø> (ø)
contracts/src/messaging/l1/v1/ClaimMessageV1.sol 100.00% <100.00%> (ø)
contracts/src/messaging/l2/L2MessageManager.sol 100.00% <ø> (ø)
contracts/src/messaging/l2/L2MessageService.sol 100.00% <100.00%> (ø)
...ontracts/src/messaging/l2/L2MessageServiceBase.sol 100.00% <100.00%> (ø)
... and 12 more

... and 25 files with indirect coverage changes

@kyzooghost kyzooghost self-requested a review February 10, 2026 12:20
kyzooghost previously approved these changes Feb 10, 2026
@cursor cursor bot left a comment

Cursor Bugbot has reviewed your changes and found 1 potential issue.

],
"name": "UnPausedDueToExpiry",
"type": "event"
},
ABI file has wrong indexed flag for event parameter

Medium Severity

The UnPausedDueToExpiry event in the ABI file has "indexed": false for the pauseType parameter, but the Solidity interface declares it as PauseType indexed pauseType. This mismatch means any off-chain client or monitoring tool using this ABI will fail to correctly decode or filter UnPausedDueToExpiry events, since the actual pauseType value will be in topics[1] while the client expects it in the event data blob.

Additional Locations (1)

Fix in Cursor Fix in Web
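
A check for the mismatch described in the comment above, as an added example that is not code from this PR or its repository: it compares the `indexed` flags in an ABI artifact with the Solidity event declaration, and shows the runtime symptom a log consumer can test for. The declaration string, both ABI entries, the `uint8` ABI type for the enum, and the sample log are constructed assumptions.

```javascript
// Added example. DECL and both ABI entries are constructed from the review
// comment above; uint8 as the ABI type of the PauseType enum is an assumption.
const DECL = "event UnPausedDueToExpiry(PauseType indexed pauseType);";
const abiEntry = (indexed) => ({
  type: "event", name: "UnPausedDueToExpiry", anonymous: false,
  inputs: [{ name: "pauseType", type: "uint8", indexed }],
});
const STALE_ABI = [abiEntry(false)]; // the state the comment reports
const FIXED_ABI = [abiEntry(true)];  // agrees with the declaration

// Parse `event Name(Type [indexed] [name], ...)` into positional indexed flags.
function parseEventDeclaration(decl) {
  const m = /event\s+(\w+)\s*\(([^)]*)\)/.exec(decl);
  if (!m) throw new Error("not an event declaration: " + decl);
  const flags = m[2].split(",").map((p) => p.trim()).filter(Boolean)
    .map((p) => p.split(/\s+/).includes("indexed"));
  return { name: m[1], flags };
}

// Compare the source declaration with the ABI artifact, parameter by parameter.
function indexedMismatches(decl, abi) {
  const ev = parseEventDeclaration(decl);
  const entry = abi.find((e) => e.type === "event" && e.name === ev.name);
  if (!entry) return [`${ev.name}: missing from ABI`];
  if (entry.inputs.length !== ev.flags.length) return [`${ev.name}: parameter count differs`];
  return entry.inputs.flatMap((input, i) =>
    Boolean(input.indexed) === ev.flags[i] ? []
      : [`${ev.name}.${input.name}: source indexed=${ev.flags[i]}, ABI indexed=${Boolean(input.indexed)}`]);
}

// Runtime guard for a log consumer: a non-anonymous event carries topic0 plus
// one topic per indexed input, so a different count means the ABI is out of step.
function topicCountMatches(entry, log) {
  const expected = (entry.anonymous ? 0 : 1) + entry.inputs.filter((i) => i.indexed).length;
  return log.topics.length === expected;
}

// Constructed log: placeholder topic0 (not the real signature hash) and a
// constructed pauseType value in topics[1]; nothing in the data blob.
const SAMPLE_LOG = {
  topics: ["0x" + "11".repeat(32), "0x" + "00".repeat(31) + "01"],
  data: "0x",
};

console.log(indexedMismatches(DECL, STALE_ABI));
console.log(topicCountMatches(STALE_ABI[0], SAMPLE_LOG), topicCountMatches(FIXED_ABI[0], SAMPLE_LOG));
```

The event signature hash in `topics[0]` does not depend on the `indexed` keyword, so a stale ABI still matches the log by topic0 and the fault only surfaces at decode time, which is why the artifact comparison is worth running in CI.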
