strategic/docs/EMERGENCY_PROCEDURES.md

Emergency Procedures

Overview

This document outlines emergency procedures for the Strategic executor system.

Emergency Contacts

• Technical Lead: [Contact Info]
• Security Team: [Contact Info]
• Operations: [Contact Info]

Emergency Response Procedures

1. Immediate Actions

Pause Executor

# Via multi-sig or owner account
forge script script/Pause.s.sol --rpc-url $RPC_MAINNET --broadcast

Or via contract:

executor.pause();

Revoke Allow-List

// Remove problematic address
executor.setAllowedTarget(problematicAddress, false);

// Or disable allow-list entirely (if configured)
executor.setAllowListEnabled(false);

2. Incident Assessment

1. Identify Issue: What went wrong?
2. Assess Impact: How many users/transactions affected?
3. Check Logs: Review transaction logs and monitoring
4. Notify Team: Alert relevant team members

3. Containment

1. Pause System: Pause executor immediately
2. Block Addresses: Revoke problematic protocol addresses
3. Stop New Executions: Prevent new strategies from executing
4. Preserve Evidence: Save logs, transactions, state

4. Recovery

1. Fix Issue: Address root cause
2. Test Fix: Verify on testnet/fork
3. Gradual Resume: Unpause and monitor closely
4. Document: Record incident and resolution

Common Scenarios

Flash Loan Attack

Symptoms: Unauthorized flash loan callbacks

Response:

1. Pause executor immediately
2. Review allowedPools mapping
3. Remove unauthorized pools
4. Verify flash loan callback security
5. Resume after verification

Allow-List Bypass

Symptoms: Unauthorized contract calls

Response:

1. Pause executor
2. Review allow-list configuration
3. Remove problematic addresses
4. Verify allow-list enforcement
5. Resume with stricter controls

High Gas Usage

Symptoms: Transactions failing due to gas

Response:

1. Review gas estimates
2. Optimize strategies
3. Adjust gas limits
4. Monitor gas prices

Price Oracle Failure

Symptoms: Stale or incorrect prices

Response:

1. Pause strategies using affected oracles
2. Switch to backup oracle
3. Verify price feeds
4. Resume after verification

Recovery Procedures

After Incident

1. Post-Mortem: Document what happened
2. Root Cause: Identify root cause
3. Prevention: Implement prevention measures
4. Testing: Test fixes thoroughly
5. Communication: Notify stakeholders

System Restoration

1. Verify Fix: Confirm issue is resolved
2. Testnet Testing: Test on testnet first
3. Gradual Rollout: Resume with small limits
4. Monitoring: Monitor closely for 24-48 hours
5. Normal Operations: Resume normal operations

Prevention

Regular Checks

• Weekly: Review transaction logs
• Monthly: Verify protocol addresses
• Quarterly: Security review
• Annually: Comprehensive audit

Monitoring

• Real-time alerts for failures
• Daily health checks
• Weekly metrics review
• Monthly security scan

Contact Information

• Emergency Hotline: [Number]
• Security Email: security@example.com
• Operations: ops@example.com