Skip to content

feat(contracts): add emergency pause mechanism to all four contracts#297

Merged
Leothosine merged 3 commits into
tosirano:mainfrom
prismn:feat/issue-288-emergency-pause-mechanism
Jun 26, 2026
Merged

feat(contracts): add emergency pause mechanism to all four contracts#297
Leothosine merged 3 commits into
tosirano:mainfrom
prismn:feat/issue-288-emergency-pause-mechanism

Conversation

@prismn

@prismn prismn commented Jun 23, 2026

Copy link
Copy Markdown
Contributor

Summary

Implements a circuit-breaker pause mechanism across all four Soroban smart contracts (loyalty_token, payment, order, restaurant_registry) so that an admin can halt public operations immediately in the event of a discovered vulnerability, without requiring a full contract migration.

Implementation Details

The same pattern is applied consistently to all four contracts:

  1. DataKey::Paused — new variant added to each contract's DataKey enum, stored as a boolean in instance storage.

  2. pause_contract(env, caller) — admin-only function that sets Paused = true and emits a timestamped (ctrl, pause) event.

  3. unpause_contract(env, caller) — admin-only function that sets Paused = false and emits a timestamped (ctrl, unpause) event.

  4. assert_not_paused_for(env, caller) — private guard helper: if the contract is paused and the caller is not the admin, panics with "contract is paused". Admin is always allowed to operate.

  5. Guards applied to all state-mutating public functions:

    • loyalty_token: mint, transfer, approve, transfer_from, burn, burn_from
    • payment: escrow_payment, release_payment (admin-only refund_payment is exempt by design)
    • order: place_order, cancel_order (admin-only advance_status, set_status exempt)
    • restaurant_registry: register_restaurant, update_restaurant, set_active

Validation Results

All 32 tests pass (0 failures):

Contract Tests
loyalty_token 10 ✅
order 8 ✅
payment 6 ✅
restaurant_registry 8 ✅

Each contract has 4 new pause-specific tests covering:

  • Paused contract rejects non-admin callers with "contract is paused"
  • Admin can still perform state-mutating operations while paused
  • unpause_contract restores normal operation for all callers
  • Events are emitted on pause/unpause

Closes #288

prismn and others added 3 commits June 23, 2026 10:35
- Add Paused variant to DataKey enum in loyalty_token, payment, order,
  and restaurant_registry contracts
- Add pause_contract() and unpause_contract() admin-only functions to
  each contract, emitting timestamped ctrl/pause and ctrl/unpause events
- Add assert_not_paused_for() guard: non-admin callers are rejected with
  'contract is paused'; admin can always operate
- Guard all state-mutating public functions in each contract
- Add 4 pause-related unit tests per contract (32 total tests all pass)

Closes tosirano#288
@Leothosine Leothosine merged commit e3e97d9 into tosirano:main Jun 26, 2026
2 of 3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[CO-10] Implement emergency pause mechanism across all four contracts

2 participants