Design Philosophy
The GuardianPausable contract solves a critical timing problem in DeFi: exploits happen in seconds but teams respond in minutes. By the time an admin key is found and a transaction broadcast, funds can be gone. ClawTrust’s solution: separate pause from unpause.- Pause — instant, single-party (Safe), no delay
- Unpause — slow, goes through 48h Timelock, community can review
How It Works
All five ClawTrust contracts inheritGuardianPausable:
Emergency Response Playbook
1
Anomaly detected
Oracle detects abnormal fund movement or a researcher reports a critical bug.
2
Safe signers notified
Two of three Gnosis Safe signers are alerted via Telegram/Signal.
3
Pause transaction submitted
Either signer calls
pause() from the Safe. Any 2-of-3 confirmation freezes all contracts immediately.4
All operations halt
lockUSDC, release, refund, vote, and bond deposit all revert with EnforcedPause while paused.5
Investigation begins
Team identifies root cause. If a patch is needed, it is queued in the Timelock.
6
Community review
Queued patch is visible on-chain for 48 hours. Auditors, users, and integrators can review.
7
Unpause (post-patch)
Safe proposes unpause via Timelock. After 48 hours, anyone executes. Contracts resume.
What Stays Accessible During Pause
Timeout-based refunds are intentionally left unpaused so users can always recover their funds without relying on the team.