Emergency Procedures

How to handle security incidents and emergency situations with Integra contracts.

Overview

Integra smart contracts include emergency controls designed to protect users and assets during security incidents. This guide covers the emergency procedures available to contract administrators and the proper protocols for invoking them.

Emergency Controls

Contract Pausing

All Integra contracts implement the Pausable pattern:

// Pause all non-essential operations
function pause() external onlyRole(PAUSER_ROLE);
 
// Resume normal operations
function unpause() external onlyRole(PAUSER_ROLE);

When paused:

• New document registrations are blocked
• Token claims are blocked
• Token transfers continue (ERC standard requirement)
• Resolver hooks still execute

Emergency Withdraw

For contracts holding funds:

// Emergency withdrawal of funds
function emergencyWithdraw(
    address token,
    address recipient,
    uint256 amount
) external onlyRole(EMERGENCY_ROLE);

Incident Response Protocol

Level 1: Minor Issues

Symptoms: Unusual transaction patterns, minor bugs

Response:

1. Monitor situation closely
2. Notify development team
3. Prepare patch if needed
4. No user communication required

Level 2: Moderate Issues

Symptoms: Exploitable bug discovered, limited impact

Response:

1. Pause affected contracts
2. Investigate root cause
3. Develop and test fix
4. Communicate with affected users
5. Deploy fix and unpause

Level 3: Critical Security

Symptoms: Active exploit, significant fund risk

Response:

1. Immediately pause ALL contracts
2. Activate emergency response team
3. Coordinate with security partners
4. Public disclosure after mitigation
5. Post-incident review

Contact Information

Emergency Contacts

• Security Team: security@integra.io
• Emergency Hotline: Available to enterprise customers
• Discord: #security-alerts channel

Bug Bounty

Found a vulnerability? Report it through our bug bounty program for rewards:

• Critical: Up to $100,000
• High: Up to $25,000
• Medium: Up to $5,000
• Low: Up to $1,000

Recovery Procedures

Post-Incident Checklist

• Root cause identified and documented
• Fix deployed and verified
• Affected users identified and notified
• Funds recovered or compensation plan created
• Post-mortem report published
• Security audit of fix completed

Related Documentation

• Security Patterns - Security best practices
• Access Control - Permission system
• Upgradeability - Upgrade procedures