20 lines
1.3 KiB
Markdown
20 lines
1.3 KiB
Markdown
# Bridge Upgrade and Pause Runbooks
|
|
|
|
Upgrade paths and pause procedures for bridge contracts (Tezos/Etherlink context).
|
|
|
|
## Upgrade paths
|
|
|
|
- **Upgradeable (UUPS)**: UniversalAssetRegistry, BridgeOrchestrator, GovernanceController, TokenlistGovernanceSync. Upgrade via UPGRADER_ROLE after timelock if policy requires. Run: prepare upgrade (new impl), schedule timelock, execute upgrade.
|
|
- **Non-upgradeable**: TezosAdapter, EVMAdapter, AlltraCustomBridge. Deploy new version; register new adapter in ChainRegistry (or update adapter address); phase out old (revoke roles, drain if any).
|
|
- **CCIP Router**: Per Chainlink; DON upgrades are separate from application contracts.
|
|
|
|
## Pause procedures
|
|
|
|
- **BridgeRegistry**: If contract has Pausable, call pause() with appropriate role (e.g. DEFAULT_ADMIN_ROLE). Stops new token/destination registration and optionally bridge operations if enforced in routing.
|
|
- **TezosAdapter**: setIsActive(false) with DEFAULT_ADMIN_ROLE. Stops new bridge() calls; in-flight requests can still be confirmed by oracle.
|
|
- **UniversalCCIPBridge / WETH bridges**: If pausable, pause to stop new outbound messages; coordinate with DON/relay to avoid stuck messages.
|
|
|
|
## Security
|
|
|
|
- Document key holders for UPGRADER_ROLE and pause roles; use multisig where required. Runbooks: key rotation, incident response (pause first, then investigate).
|