Emergency Brake

Published by Mario Oettler on

Another recommended (but also controversial) pattern is the circuit breaker, also called an emergency brake. An emergency brake stops the execution of most or all functions of a smart contract in case of an emergency, such as a discovered bug or an ongoing exploit.

This is implemented with a modifier, applied to every function, that checks whether the contract has been stopped and reverts if it has.

The rationale behind this is to stop a contract as soon as a vulnerability is detected, in order to avoid losses until the developers find a fix for it. It can prevent users from depositing new funds or withdrawing existing funds, so that the whole contract cannot be drained.

While this sounds like a good idea at first glance, it introduces the risk of centralization and makes the behavior of the smart contract unpredictable. Usually, only the contract owner is allowed to pull the emergency brake, which means that this single account has the power to halt the whole contract.

It is recommended to mitigate this risk by using a k-out-of-n threshold scheme. Here, at least k out of n designated users are required to pull the emergency brake. While this mitigates the risk of a single fraudulent user, it still constitutes heavy centralization.
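The following Solidity contract is an added example, not code from the original post, that puts both parts of the pattern together: a `stopInEmergency` modifier that gates the normal functions, and a k-out-of-n guardian vote that replaces the single owner as the only party able to pull (and release) the brake. The contract name, the guardian set, and the `voteToToggle` mechanism are assumptions chosen for illustration; the single-owner variant would simply guard a `stop()` function with an `onlyOwner` modifier instead.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example (not from the original post): a small vault whose public
/// functions are guarded by an emergency-brake modifier. Pulling the brake
/// requires `threshold` of `n` guardians (k-of-n) rather than one owner.
/// All names here (EmergencyBrakeVault, guardians, voteToToggle, ...) are
/// illustrative assumptions.
contract EmergencyBrakeVault {
    bool public stopped;

    // k-of-n guardian set, fixed at deployment in this example
    address[] public guardians;
    uint256 public immutable threshold;
    mapping(address => bool) public isGuardian;

    // Voting state: each guardian may vote once per round; a round ends
    // (and all its votes are invalidated) when the state flips.
    uint256 public round;
    uint256 public votes;
    mapping(uint256 => mapping(address => bool)) public voted;

    mapping(address => uint256) public balances;

    event Stopped(uint256 indexed round);
    event Resumed(uint256 indexed round);

    constructor(address[] memory _guardians, uint256 _threshold) {
        require(_threshold > 0 && _threshold <= _guardians.length, "bad threshold");
        for (uint256 i = 0; i < _guardians.length; i++) {
            require(_guardians[i] != address(0), "zero guardian");
            require(!isGuardian[_guardians[i]], "duplicate guardian");
            isGuardian[_guardians[i]] = true;
        }
        guardians = _guardians;
        threshold = _threshold;
    }

    modifier onlyGuardian() {
        require(isGuardian[msg.sender], "not a guardian");
        _;
    }

    // The circuit breaker: every normal function carries this modifier and
    // reverts once the brake has been pulled.
    modifier stopInEmergency() {
        require(!stopped, "contract is stopped");
        _;
    }

    /// A guardian votes to change the current state: stop a running contract,
    /// or resume a stopped one once a fix is deployed. The k-th vote of a
    /// round flips `stopped` and opens a fresh round, so stale votes never
    /// carry over.
    function voteToToggle() external onlyGuardian {
        require(!voted[round][msg.sender], "already voted this round");
        voted[round][msg.sender] = true;
        votes += 1;
        if (votes >= threshold) {
            stopped = !stopped;
            votes = 0;
            round += 1;
            if (stopped) {
                emit Stopped(round);
            } else {
                emit Resumed(round);
            }
        }
    }

    function guardianCount() external view returns (uint256) {
        return guardians.length;
    }

    // Normal operations: both deposits and withdrawals are blocked while
    // stopped, matching the behaviour described in the text.
    function deposit() external payable stopInEmergency {
        balances[msg.sender] += msg.value;
    }

    function withdraw(uint256 amount) external stopInEmergency {
        require(balances[msg.sender] >= amount, "insufficient balance");
        balances[msg.sender] -= amount; // effects before the external call
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

Deploying with three guardians and `threshold = 2` gives a 2-of-3 brake: a single compromised or malicious guardian can neither halt the vault nor resume it on their own, which is the mitigation the text describes, while the three guardians together still hold full control over whether the contract runs at all. An equivalent deployment choice is to keep a single `onlyOwner` brake and make the owner a multisignature wallet; the k-of-n threshold then lives in the wallet rather than in the contract.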