Audit fixes

[kovalgek]

New feature.

Pause/Resume token rate updates. #14

Fixes from MixBytes audit.

Description	Resolution
2.2.1 stETH liquidity problem	fixed
2.3.1 Rounding errors	fixed: unwrapShares() method was added
2.4.1 ERC20Bridged name and symbol are not checked	fixed: check name and symbol for non-zero length in ERC20Metadata
2.4.2 Unrestricted initialize ERC20BridgedPermit	fixed: _isMetadataInitialized was added to initializer
2.4.3 Tx with an incorrect rate will not revert.	fixed: The event was fixed
2.4.4 CEXes should work with shares.	fixed: Comment in TokenRateOracle was updated
2.4.5 The rate can differ inside one block	risks accepted
2.4.6 check maxAllowedTokenRateDeviationPerDay_	fixed: Check was added
2.4.7 check tokenRate_ and rateL1Timestamp_ in TokenRateOracle init	fixed
2.4.8 MAX_ALLOWED_L2_TO_L1_CLOCK_LAG should be updatable	won't do. MAX_ALLOWED_L2_TO_L1_CLOCK_LAG can be changed by updating the contract.
2.4.9 Optimizations	fixed
2.4.10 The rate can be set to 0	won't do
2.4.11 Important notes	fixed
2.4.12 Update comment	fixed
2.4.13 Transfers of zero value	won't do. zero transfers are legit ones for ERC20
2.4.14 The onlySupportedL1L2TokensPair modifier and the _getL1Token function can be unified	Won't do. L1Bridge is required to provide one token in depost/depositTo methods and L2Bridge only one token in withdraw/withdrawTo methods. Thus, unifying doesn't make sense in my opinion.
2.4.15 Missing zero address checks in bridges	fixed
2.4.16 PermitExtension.eip712Domain() may return incorrect values for name and version.	Won't do since using EIP712Upgradeable requires to use another OZ version. Mitigates by checking during deployment and testing.
2.4.17 Withdrawn stETH gets stuck on the bridge if the recipient is an stETH address on L1.	Fixed by checking address.
2.4.18 roundedUpNumberOfDays in _isTokenRateWithinAllowedRange() can be calculated more precisely	fixed

Ackee feedback:

Description	Resolution
L1: Insufficient token rate precision	fixed
L2: unwrap inconsistent tokens amount in event	fixed
W1: Usage of solc optimizer	won't do. There are already proxies that were compiled and deployed with Solc with Optimizer.
W2: ERC-20 transferFrom emits Approval	won't do. Core protocol also emits those events
W3: False comments	fixed
W4: Limited ERC-2612 use-case with ERC-1271	fixed by adding new permit method
W5: Use of a deprecated function	fixed: use grantRole
W6: Initializers can be front-run	won't do: deployment with upgradeAndCall solves the problem
W7: Linear calculation of the allowed token rate deviation	won't do
W8: Insufficient data validation	fixed: added data validation everywhere
I1: Uncached .length in for loop	fixed: cache .length when it's possible
I2: Inconsistent modifiers order	fixed: use consistent modifiers order
I3: Unused code	fixed: remove unused code
I4: Typos	fixed
I5: _mintShares can return tokensAmount to save gas	won't do, function name won't fit the return value

@Psirex feedback

Description	Resolution
1. pushTokenRate() and the Oracle report at the same block	agree that can acknowledge (see 2.4.5 above)
2. TokenRateOracle emergency brakes	added in #14

[TheDZhon]

⚠️ I suggest to think about Bogdan's review here as well (please add the points from him to the PR agenda)

[TheDZhon]

👀

[TheDZhon]

👀

[TheDZhon]

👍 🚀 The final countdown is around the corner

[TheDZhon]

Astonishing and outstanding work! 🫡

May the force be with you always ✊