Bridge Upgrade and Pause Runbooks
Upgrade paths and pause procedures for bridge contracts (Tezos/Etherlink context).
Upgrade paths
- Upgradeable (UUPS): UniversalAssetRegistry, BridgeOrchestrator, GovernanceController, TokenlistGovernanceSync. Upgrade with UPGRADER_ROLE, after the timelock if policy requires one. Steps: prepare the upgrade (new implementation), schedule it in the timelock, execute the upgrade.
- Non-upgradeable: TezosAdapter, EVMAdapter, AlltraCustomBridge. Deploy new version; register new adapter in ChainRegistry (or update adapter address); phase out old (revoke roles, drain if any).
- CCIP Router: Per Chainlink; DON upgrades are separate from application contracts.
Pause procedures
- BridgeRegistry: If the contract is Pausable, call pause() with the appropriate role (e.g. DEFAULT_ADMIN_ROLE). This stops new token/destination registration and, if enforced in routing, bridge operations.
- TezosAdapter: Call setIsActive(false) with DEFAULT_ADMIN_ROLE. This stops new bridge() calls; in-flight requests can still be confirmed by the oracle.
- UniversalCCIPBridge / WETH bridges: If pausable, pause to stop new outbound messages; coordinate with DON/relay to avoid stuck messages.
Security
- Document key holders for UPGRADER_ROLE and pause roles; use multisig where required. Runbooks: key rotation, incident response (pause first, then investigate).
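
An added example (not part of the project's own tooling) of checking the documented key-holder list against on-chain state: it replays decoded OpenZeppelin-style `RoleGranted`/`RoleRevoked` events and flags undocumented holders, non-multisig holders of roles that require a multisig, and retired adapters that still hold a role. The addresses, the `BRIDGE_ROLE` name, and the assumption that these contracts emit AccessControl events are all hypothetical; the sample events are constructed.

```python
from collections import defaultdict

# Placeholder addresses (constructed, not real deployments).
MULTISIG, OPS_EOA, OLD_ADAPTER, UNKNOWN = ("0x" + c * 40 for c in "abcd")
# Constructed sample of decoded events: (block, log_index, event, role, account).
EVENTS = [
    (100, 0, "RoleGranted", "DEFAULT_ADMIN_ROLE", MULTISIG),
    (100, 1, "RoleGranted", "UPGRADER_ROLE", MULTISIG),
    (120, 0, "RoleGranted", "DEFAULT_ADMIN_ROLE", OPS_EOA),
    (150, 0, "RoleGranted", "BRIDGE_ROLE", OLD_ADAPTER),  # hypothetical role name
    (180, 2, "RoleGranted", "UPGRADER_ROLE", UNKNOWN),
    (200, 0, "RoleRevoked", "DEFAULT_ADMIN_ROLE", OPS_EOA),
    (210, 0, "RoleGranted", "UPGRADER_ROLE", OPS_EOA),
]
DOCUMENTED = {  # role -> {holder: kind}, as written in the key-holder document
    "DEFAULT_ADMIN_ROLE": {MULTISIG: "multisig"},
    "UPGRADER_ROLE": {MULTISIG: "multisig", OPS_EOA: "eoa"},
}
MULTISIG_REQUIRED = {"UPGRADER_ROLE", "DEFAULT_ADMIN_ROLE"}
RETIRED = {OLD_ADAPTER}  # adapters that were replaced and should hold no roles

def current_holders(events):
    # Replay grants and revocations in chain order to get today's holder set per role.
    holders = defaultdict(set)
    for _, _, name, role, account in sorted(events):
        if name == "RoleGranted":
            holders[role].add(account.lower())
        elif name == "RoleRevoked":
            holders[role].discard(account.lower())
    return holders

def reconcile(holders, documented, multisig_required, retired):
    # Compare on-chain holders with the documented list; return (finding, role, account).
    findings = []
    for role in sorted(set(holders) | set(documented)):
        onchain, doc = holders.get(role, set()), documented.get(role, {})
        for acct in sorted(onchain):
            if acct in retired:
                findings.append(("retired_still_holds", role, acct))
            elif acct not in doc:
                findings.append(("undocumented", role, acct))
            elif role in multisig_required and doc[acct] != "multisig":
                findings.append(("not_multisig", role, acct))
        for acct in sorted(set(doc) - onchain):
            findings.append(("documented_not_onchain", role, acct))
    return findings

if __name__ == "__main__":
    print(*reconcile(current_holders(EVENTS), DOCUMENTED, MULTISIG_REQUIRED, RETIRED), sep="\n")
```

Any finding means the key-holder document and the chain disagree; resolve it before the next upgrade or key rotation.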