4de9676da7
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
- Added a detailed implementation status table outlining the completion status of various phases. - Marked the submodule reference for smom-dbis-138 as dirty to reflect changes. Made-with: Cursor
1.8 KiB
1.8 KiB
DBIS Rail — Emergency Revoke and Key Compromise Runbook
Scope: Signer revocation and key compromise response (Ledger Attestation v1.5 §4.3, Rulebook §6).
1. Emergency revoke (signer)
- SIGNER_ADMIN calls
DBIS_SignerRegistry.revokeSignerAtBlock(signer)(orremoveSigner(signer)). - Effective immediately at the next block: any MintAuth or SwapAuth that includes this signer and is submitted at or after that block will revert.
- Do not submit any in-flight Mint Authorizations that rely on the revoked signer after the revocation block.
- Re-evaluate in-flight authorizations; if already signed but not yet submitted, do not submit; issue new MintAuth with replacement signer set if needed.
- Document the revocation (block number, signer address, reason) for audit.
2. Key compromise drill
- Revoke signer immediately per Section 1.
- Re-evaluate in-flight authorizations — do not submit any that depend on the compromised key.
- Incident reporting per DBIS security policy (internal and, if required, regulatory).
- Key rotation — provision new signer key; add new signer via
addSigner(newAddress, category); revoke or retire the old key record. - Runbook reference: Rulebook §6.4; Ledger Attestation add-on §4.3.
3. Router / mint controller pause
- ROUTER_ADMIN calls
DBIS_SettlementRouter.pause()to stop all new MintAuth submissions. - ROUTER_ADMIN calls
DBIS_GRU_MintController.pause()to stop mint execution (if router is still processing). - To resume:
unpause()on both.
4. Participant suspension
- PARTICIPANT_ADMIN calls
DBIS_ParticipantRegistry.setParticipantStatus(participantId, SUSPENDED). - No new settlements to that participant’s operational wallets until status is ACTIVE again.