# Channel Manager Incident Runbook

Short runbook for PaymentChannelManager and GenericStateChannelManager: pause, unpause, and replace admin.

## When to pause

- Suspected bug or exploit in open/fund or state handling.
- Upgrade or migration (pause new activity while in-flight channels settle).
- Security incident: stop new channel opens and funds; existing channels can still close.

## How to pause

- **Who**: Current `admin` (or multisig that is admin).
- **Call**: `pause()` on the contract (PaymentChannelManager or GenericStateChannelManager).
- **Effect**: `openChannel` and `fundChannel` revert with "paused". `closeChannelCooperative`, `submitClose`, `challengeClose`, and `finalizeClose` remain callable so in-flight channels can settle.

## How to unpause

- **Who**: Current `admin`.
- **Call**: `unpause()`.
- **Effect**: New channels can be opened and funded again.

## How to replace admin

- **Who**: Current `admin`.
- **Call**: `setAdmin(newAdmin)` with the new address (e.g. new multisig).
- **Recommendation**: Use a multisig as `newAdmin`; avoid EOA for production.

## Contracts and addresses

- Document deployed addresses in [PAYMENT_CHANNELS_DEPLOYMENT.md](../deployment/PAYMENT_CHANNELS_DEPLOYMENT.md).
- Ensure only the intended multisig/EOA has admin before and after replacement.

## Monitoring

- Monitor `Paused`, `Unpaused`, and `AdminChanged` events.
- Alert on unexpected pause or admin change.
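
The monitoring rule above, as an added example (not code from the project): a Python triage pass over already-decoded `Paused`, `Unpaused` and `AdminChanged` logs that treats a pause or admin change as expected only when a change record covers it. The log record layout, the `newAdmin` event argument, the `ApprovedChange` record and all addresses and transaction ids are constructed assumptions.

```python
from dataclasses import dataclass
@dataclass(frozen=True)
class ApprovedChange:            # hypothetical change-record shape
    contract: str                # manager address the change applies to
    event: str                   # "Paused" or "AdminChanged"
    first_block: int
    last_block: int
    new_admin: str = ""          # must match the log for AdminChanged

def is_approved(log, approved):
    """True if a change record covers this contract, event, block and new admin."""
    for c in approved:
        if (c.contract.lower(), c.event) != (log["contract"].lower(), log["event"]):
            continue
        if not c.first_block <= log["block"] <= c.last_block:
            continue
        if log["event"] != "AdminChanged" or c.new_admin.lower() == log["args"]["newAdmin"].lower():
            return True
    return False

def triage(logs, approved, multisigs):
    """Return (alerts, state); state maps contract -> {"paused", "admin"}."""
    alerts, state = [], {}
    allowed = {m.lower() for m in multisigs}     # addresses compared case-insensitively
    for log in sorted(logs, key=lambda l: (l["block"], l["index"])):
        addr = log["contract"].lower()
        st = state.setdefault(addr, {"paused": False, "admin": None})
        if log["event"] in ("Paused", "Unpaused"):
            st["paused"] = log["event"] == "Paused"
            if st["paused"] and not is_approved(log, approved):
                alerts.append(("HIGH", addr, "unexpected pause", log["tx"]))
        elif log["event"] == "AdminChanged":
            st["admin"] = log["args"]["newAdmin"].lower()
            if st["admin"] not in allowed:
                alerts.append(("CRITICAL", addr, "admin set to unlisted address", log["tx"]))
            elif not is_approved(log, approved):
                alerts.append(("HIGH", addr, "unexpected admin change", log["tx"]))
    return alerts, state

# Constructed sample data: placeholder addresses and transaction ids.
PCM, MULTISIG, UNKNOWN = "0x" + "11" * 20, "0x" + "AA" * 20, "0x" + "bb" * 20
APPROVED = [ApprovedChange(PCM, "Paused", 100, 110)]
LOGS = [
    {"contract": PCM, "event": "Paused", "block": 105, "index": 0, "tx": "0xtx1", "args": {}},
    {"contract": PCM, "event": "Unpaused", "block": 120, "index": 0, "tx": "0xtx2", "args": {}},
    {"contract": PCM, "event": "Paused", "block": 300, "index": 2, "tx": "0xtx3", "args": {}},
    {"contract": PCM, "event": "AdminChanged", "block": 300, "index": 3, "tx": "0xtx4", "args": {"newAdmin": UNKNOWN}},
]
ALERTS, STATE = triage(LOGS, APPROVED, [MULTISIG])
```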