Incident Response Plan

Severity Levels

Level     Example                       Response Time
Critical  Active exploit, funds stolen  < 15 minutes
High      Vulnerability discovered      < 1 hour
Medium    Validator downtime            < 4 hours
Low       Suspicious tx pattern         < 24 hours

Response Steps

1. Detect

  • Security monitor alerts (http://localhost:4002/alerts)
  • Validator monitor downtime
  • Community report

2. Assess

  • Convene the security council
  • Identify affected contracts
  • Estimate impact

3. Contain

# Emergency pause PayHub
cast send "$SECURITY_COUNCIL" "emergencyPause(address,string)" "$PAYHUB" "incident description" --private-key "$GUARDIAN_KEY"
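
An added example, not part of the original runbook: a pre-flight wrapper around the step 3 command that rejects a malformed or empty address, an empty description, or a missing key before anything is sent. The function names and the DRY_RUN switch are assumptions; only the cast invocation comes from the runbook.

```bash
# Added example (not from the runbook): pre-flight checks for the emergency pause.
# Assumed names: is_address, emergency_pause, DRY_RUN. The cast call is the runbook's.

# An EVM address is "0x" followed by exactly 40 hex digits.
is_address() {
  case "$1" in
    0x*) ;;
    *) return 1 ;;
  esac
  hex=${1#0x}
  [ "${#hex}" -eq 40 ] || return 1
  case "$hex" in
    *[!0-9a-fA-F]*) return 1 ;;
  esac
  return 0
}

# Usage: emergency_pause <security-council-address> <contract-to-pause> <description>
# Returns 2 on a bad address, 3 on an empty description, 4 on a missing key.
emergency_pause() {
  council=$1
  target=$2
  reason=$3
  # An unset variable would otherwise reach cast as an empty or shifted argument.
  is_address "$council" || { echo "bad council address: '$council'" >&2; return 2; }
  is_address "$target" || { echo "bad target address: '$target'" >&2; return 2; }
  [ "$council" != "$target" ] || { echo "council and target are the same" >&2; return 2; }
  [ -n "$reason" ] || { echo "incident description is empty" >&2; return 3; }
  [ -n "${GUARDIAN_KEY:-}" ] || { echo "GUARDIAN_KEY is not set" >&2; return 4; }

  if [ "${DRY_RUN:-0}" = "1" ]; then
    # Preview for the incident log; the key is printed as a variable name, never its value.
    printf 'cast send %s "emergencyPause(address,string)" %s "%s" --private-key "$GUARDIAN_KEY"\n' \
      "$council" "$target" "$reason"
    return 0
  fi
  cast send "$council" "emergencyPause(address,string)" "$target" "$reason" \
    --private-key "$GUARDIAN_KEY"
}
```

Run it with DRY_RUN=1 first to record the exact command in the incident log, then again without it to send the transaction.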

4. Communicate

  • Post on status page
  • Notify validators via Telegram/Discord
  • Update explorer banner

5. Recover

  • Deploy fix
  • Verify on testnet
  • Unpause via admin

6. Post-Mortem

  • Document in security/incidents/YYYY-MM-DD.md
  • Update threat model
  • Add regression test

Contacts

Role              Contact
Security Council  security@garudachain.id
Validator Ops     validators@garudachain.id
Emergency         emergency@garudachain.id