📌 Description
commitment_core integrates shared_utils::Pausable and EmergencyControl, and
commitment_nft/attestation_engine/allocation_logic expose pause/unpause.
commitment_marketplace, however, has no Pausable integration, so buy_nft,
accept_offer, place_bid, and end_auction cannot be halted during an incident
even though they move user funds.
This issue adds emergency pause gating to the marketplace settlement paths.
🎯 Requirements and Context
- Integrate shared_utils::Pausable (PAUSED_KEY) and admin-gated pause/unpause.
- Gate all fund-moving entrypoints (list_nft settlement, buy_nft, accept_offer, place_bid, end_auction) with require_not_paused.
- Read-only getters must remain callable while paused.
- No regressions to fee logic or the payment-token allowlist.
🛠️ Suggested Execution
1. Fork the repo and create a branch
git checkout -b security/marketplace-pausable
2. Implement changes
- Add Pausable wiring and pause/unpause to contracts/commitment_marketplace/src/lib.rs with /// docs.
- Update docs/EMERGENCY.md equivalent in contracts/EMERGENCY.md and docs/SECURITY_CONSIDERATIONS.md.
3. Test and commit
- Extend contracts/commitment_marketplace/src/tests.rs.
- Run: cargo test --target wasm32v1-none --release
- Edge cases: paused buy rejected, paused bid rejected, getter while paused ok, non-admin pause rejected.
Example commit message
fix: add emergency pause gating to marketplace settlement
✅ Guidelines
- Minimum 95% test coverage on the gated paths.
- Document the incident-response procedure.
- Timeframe: 96 hours.
🏷️ Labels
type-security · area-contracts · MAYBE REWARDED · GRANTFOX OSS · OFFICIAL CAMPAIGN
💬 Community & Support
- Join the CommitLabs contributor Discord to coordinate and get unblocked fast: https://discord.gg/WV7tdYkJk
- Introduce yourself before starting to avoid duplicate work.
- Maintainers triage actively and review fast.
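The gating pattern requested above and the four listed edge cases, as an added in-memory sketch that is not part of the original issue and not the project's code. Only the names PAUSED_KEY, require_not_paused, pause/unpause, list_nft and buy_nft come from the issue; the storage map, error enum, get_price getter and all signatures are assumptions, and nothing here calls shared_utils or the contract SDK.

```rust
// Added illustration: in-memory model of the pause gate; every type here is assumed.
use std::collections::HashMap;
pub const PAUSED_KEY: &str = "paused"; // key name from the issue; stored value type assumed

#[derive(Debug, PartialEq)]
pub enum Error { Unauthorized, Paused, NotListed }

pub struct Marketplace {
    admin: String,
    flags: HashMap<&'static str, bool>, // stand-in for contract storage
    listings: HashMap<u32, i128>,       // token_id -> price
}

impl Marketplace {
    pub fn new(admin: &str) -> Self {
        Self { admin: admin.into(), flags: HashMap::new(), listings: HashMap::new() }
    }
    pub fn is_paused(&self) -> bool { self.flags.get(PAUSED_KEY).copied().unwrap_or(false) }
    fn require_not_paused(&self) -> Result<(), Error> {
        if self.is_paused() { Err(Error::Paused) } else { Ok(()) }
    }
    fn set_paused(&mut self, caller: &str, value: bool) -> Result<(), Error> {
        if caller != self.admin { return Err(Error::Unauthorized); }
        self.flags.insert(PAUSED_KEY, value);
        Ok(())
    }
    pub fn pause(&mut self, caller: &str) -> Result<(), Error> { self.set_paused(caller, true) }
    pub fn unpause(&mut self, caller: &str) -> Result<(), Error> { self.set_paused(caller, false) }
    pub fn list_nft(&mut self, token_id: u32, price: i128) -> Result<(), Error> {
        self.require_not_paused()?;
        self.listings.insert(token_id, price);
        Ok(())
    }
    /// Fund-moving path: the gate runs before any state is read or changed.
    pub fn buy_nft(&mut self, token_id: u32) -> Result<i128, Error> {
        self.require_not_paused()?;
        self.listings.remove(&token_id).ok_or(Error::NotListed)
    }
    /// Read-only getter: deliberately ungated so it stays callable while paused.
    pub fn get_price(&self, token_id: u32) -> Option<i128> { self.listings.get(&token_id).copied() }
}

fn main() {
    let mut m = Marketplace::new("admin");
    m.list_nft(1, 500).unwrap();
    m.pause("admin").unwrap();
    println!("paused buy: {:?}, getter: {:?}", m.buy_nft(1), m.get_price(1));
}
```

In the real contract the same ordering matters: the pause check is the first statement of each gated entrypoint, ahead of any token transfer or storage write.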