- What: Make use of tools and processes that enable an immediate response in the event of any security issues.
- Why: Even with the best pre-deployment safeguards, it is still possible for smart contracts and critical components, such as oracles and bridges, to have live issues. Having dedicated personnel, clear processes, and appropriate automations in place ensures that incidents can be investigated quickly—and resolved as swiftly as possible.
- How: Prepare for the worst by planning how to respond to incidents or emergencies and automating response capabilities to the greatest extent possible. This includes assigning responsibilities for investigation and response to capable personnel that can be publicly contacted about security issues. Based on the protocol’s threat models, develop a set of processes that could include scenario drills and expected response times for taking emergency actions. Consider integrating automation into incident response; the Autotask functionality of OpenZeppelin Defender enables automatic responses to specified events, functions, and transaction parameters detected by Defender Sentinels or Forta bots.