# Emergency Procedures

## Overview

This document outlines emergency procedures for the Strategic executor system.

## Emergency Contacts

- **Technical Lead**: [Contact Info]
- **Security Team**: [Contact Info]
- **Operations**: [Contact Info]

## Emergency Response Procedures

### 1. Immediate Actions

#### Pause Executor
```bash
# Via multi-sig or owner account
forge script script/Pause.s.sol --rpc-url $RPC_MAINNET --broadcast
```

Or via contract:
```solidity
executor.pause();
```

#### Revoke Allow-List
```solidity
// Remove problematic address
executor.setAllowedTarget(problematicAddress, false);

// Or disable allow-list entirely (if configured)
executor.setAllowListEnabled(false);
```

### 2. Incident Assessment

1. **Identify Issue**: What went wrong?
2. **Assess Impact**: How many users/transactions affected?
3. **Check Logs**: Review transaction logs and monitoring
4. **Notify Team**: Alert relevant team members

### 3. Containment

1. **Pause System**: Pause executor immediately
2. **Block Addresses**: Revoke problematic protocol addresses
3. **Stop New Executions**: Prevent new strategies from executing
4. **Preserve Evidence**: Save logs, transactions, state

### 4. Recovery

1. **Fix Issue**: Address root cause
2. **Test Fix**: Verify on testnet/fork
3. **Gradual Resume**: Unpause and monitor closely
4. **Document**: Record incident and resolution

## Common Scenarios

### Flash Loan Attack

**Symptoms**: Unauthorized flash loan callbacks

**Response**:
1. Pause executor immediately
2. Review `allowedPools` mapping
3. Remove unauthorized pools
4. Verify flash loan callback security
5. Resume after verification

### Allow-List Bypass

**Symptoms**: Unauthorized contract calls

**Response**:
1. Pause executor
2. Review allow-list configuration
3. Remove problematic addresses
4. Verify allow-list enforcement
5. Resume with stricter controls

### High Gas Usage

**Symptoms**: Transactions failing due to gas

**Response**:
1. Review gas estimates
2. Optimize strategies
3. Adjust gas limits
4. Monitor gas prices

### Price Oracle Failure

**Symptoms**: Stale or incorrect prices

**Response**:
1. Pause strategies using affected oracles
2. Switch to backup oracle
3. Verify price feeds
4. Resume after verification

## Recovery Procedures

### After Incident

1. **Post-Mortem**: Document what happened
2. **Root Cause**: Identify root cause
3. **Prevention**: Implement prevention measures
4. **Testing**: Test fixes thoroughly
5. **Communication**: Notify stakeholders

### System Restoration

1. **Verify Fix**: Confirm issue is resolved
2. **Testnet Testing**: Test on testnet first
3. **Gradual Rollout**: Resume with small limits
4. **Monitoring**: Monitor closely for 24-48 hours
5. **Normal Operations**: Resume normal operations

## Prevention

### Regular Checks

- Weekly: Review transaction logs
- Monthly: Verify protocol addresses
- Quarterly: Security review
- Annually: Comprehensive audit

### Monitoring

- Real-time alerts for failures
- Daily health checks
- Weekly metrics review
- Monthly security scan

## Contact Information

- **Emergency Hotline**: [Number]
- **Security Email**: security@example.com
- **Operations**: ops@example.com