Severity: Critical
Only core_escrow has pause_routing. If a vulnerability is found mid-hackathon, there is no way to halt claim_prize, reclaim_unclaimed_prizes, or release_partial calls originating from hackathon_registry.
Required fixes
Add a pause flag to hackathon_registry:
```rust
// `admin` is the registry's admin Address; loading it from storage is omitted in this sketch.
pub fn pause(env: Env) -> Result<(), HackathonError> {
    admin.require_auth();
    env.storage().instance().set(&HackathonDataKey::Paused, &true);
    ContractPaused {}.publish(&env);
    Ok(())
}

pub fn unpause(env: Env) -> Result<(), HackathonError> {
    admin.require_auth();
    env.storage().instance().set(&HackathonDataKey::Paused, &false);
    ContractUnpaused {}.publish(&env);
    Ok(())
}

// Call first in every gated function; a missing flag is treated as "not paused".
fn ensure_not_paused(env: &Env) -> Result<(), HackathonError> {
    if env.storage().instance().get(&HackathonDataKey::Paused).unwrap_or(false) {
        return Err(HackathonError::Paused);
    }
    Ok(())
}
```
Gate all state-mutating fns: create_hackathon, register_team, submit_project, score_submission, finalize_hackathon, claim_prize, reclaim_unclaimed_prizes, add_sponsored_track, distribute_track_prizes.
Read functions and cancel_hackathon (escape hatch) should remain available while paused.
Tests required
- All write fns reject when paused
- Reads work when paused
- cancel_hackathon works when paused (escape hatch)
- Only admin can pause/unpause
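
The gate and the test matrix above, modelled in plain Rust as an added example (not the project's code). Assumptions: no Soroban SDK, caller identity is passed as a `u32` in place of `require_auth`, `claim_prize` stands in for the whole gated list, and admin-only `cancel_hackathon` is assumed.

```rust
// Plain-Rust model of the proposed pause gate; names mirror the issue, types are stand-ins.
#[derive(Debug, PartialEq)]
pub enum HackathonError { Paused, Unauthorized }

pub struct Registry { admin: u32, paused: bool, claims: u32, cancelled: bool }

impl Registry {
    pub fn new(admin: u32) -> Self {
        Registry { admin, paused: false, claims: 0, cancelled: false }
    }
    // Stand-in for admin.require_auth(): the caller id is an explicit argument (assumption).
    fn require_admin(&self, caller: u32) -> Result<(), HackathonError> {
        if caller == self.admin { Ok(()) } else { Err(HackathonError::Unauthorized) }
    }
    fn ensure_not_paused(&self) -> Result<(), HackathonError> {
        if self.paused { Err(HackathonError::Paused) } else { Ok(()) }
    }
    pub fn pause(&mut self, caller: u32) -> Result<(), HackathonError> {
        self.require_admin(caller)?;
        self.paused = true;
        Ok(())
    }
    pub fn unpause(&mut self, caller: u32) -> Result<(), HackathonError> {
        self.require_admin(caller)?;
        self.paused = false;
        Ok(())
    }
    // Write path: the gate runs before any state change.
    pub fn claim_prize(&mut self) -> Result<u32, HackathonError> {
        self.ensure_not_paused()?;
        self.claims += 1;
        Ok(self.claims)
    }
    // Escape hatch: deliberately not gated (admin-only is an assumption of this model).
    pub fn cancel_hackathon(&mut self, caller: u32) -> Result<(), HackathonError> {
        self.require_admin(caller)?;
        self.cancelled = true;
        Ok(())
    }
    // Read paths: never gated.
    pub fn claims(&self) -> u32 { self.claims }
    pub fn is_cancelled(&self) -> bool { self.cancelled }
}

fn main() {
    let mut r = Registry::new(1);
    r.pause(1).unwrap();
    println!("claim while paused: {:?}", r.claim_prize());
    println!("cancel while paused: {:?}", r.cancel_hackathon(1));
}
```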