Smart contracts have paved the way for a wide array of novel applications, including decentralized autonomous organizations (DAO), decentralized finance (DeFi), and non-fungible tokens (NFTs). On the flip side, with the adoption of smart contracts, security has also been jeopardized.
Smart contracts are deployed on blockchains where they are visible publicly, and anyone can call them (including hackers). Naturally, it becomes an expensive breach whenever a hacker finds a vulnerability in them and exploits it.
Developers are working on different mechanisms to deal with bugs, security exploits, and vulnerabilities. One of them is to pause smart contract functions.
There are ways to minimize these vulnerabilities, like getting a smart contract audit, but nothing can eliminate the possibility of smart contract exploits.
ImmuneBytes is the perfect place to get all the answers you’ve wanted relating to the blockchain industry. For over two years, we have provided exemplary smart contract audit services to our clients worldwide.
This blog will discuss pausing a smart contract functionality in detail. So, let us get started.
Is It Possible To Pause A Smart Contract?
Once a smart contract is deployed on a blockchain, you cannot stop it from executing. However, you can disable the contract from performing certain actions.
“Pausing” a smart contract at the protocol level on the Ethereum blockchain isn’t possible. Instead, you implement the pause logic “in code”, inside the contract itself.
In Pausable smart contracts, it is possible to pause functions inside the contract. However, only the owner can do this.
Let us make it clearer for you with the help of the example below:
As shown in the above image, the smart contract is updated with a simple Boolean variable that records whether the functionality has been paused. As you can see, not much else changes in the contract. There is a function that updates the paused variable; note that only the owner can call it. Also, withdrawAllMoney can only be called if the contract is not paused.
You can pause a smart contract if the customer-facing functions contain require(paused == false).
Wondering what can be the possible use cases of a pausable smart contract? Let’s discuss them in brief.
Popular Use Cases of Pausable Smart Contracts
It is natural to wonder where pausable smart contracts can be used. We have listed the following popular use cases.
- Imagine you have started creating an NFT minting smart contract and want to pause minting for some time to hold NFT. In this situation, you can introduce the pausable functionality to pause the mint function.
- Another important and popular use case of pausable smart contracts is in initial coin offerings (ICOs). When you create new tokens for users but also want to restrict them from trading those tokens, the pausable functionality can be used.
- Also, if any smart contract has a bug in it and a hacker wants to exploit it, as an owner of that contract, you can easily pause it so that the hacker cannot misuse it.
Now, we are all set to decipher how to write such contracts.
How To Write A Pausable Smart Contract?
Let us see how to go about writing a pausable smart contract. This step-by-step guide will surely do wonders for you.
This is an example of a smart contract that will transfer the smart contract's balance to the user who calls the function.
Now, we will break this code down to make it easier for you to understand.
As you can see in the above image, in the first two lines, we have the license as well as the version of Solidity. The name of this smart contract is Pausable.
Here, we have two state variables: owner and isPaused. Then, inside the constructor, we initialize the owner address to msg.sender, a global variable that holds the caller's address, which in the constructor is the address of the user who deploys the smart contract.
The next step is to add a modifier that checks the ownership of the user who calls the function: the caller must be the one who owns the smart contract.
setPaused is used to update the isPaused state variable. One thing to note here is that isPaused is a Boolean variable, so you can easily set it to true or false. As we have used the onlyOwner modifier above, only the owner can call this function.
The next step is the withdraw function, which checks the status of isPaused. If the contract is not paused, it transfers the smart contract's balance to the user who calls this function.
This line symbolizes that as an owner of the smart contract, you can pause and start the function as per your wish. You have complete pausable control over this function.
This is how you add this functionality to your smart contract.
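The contract walked through above (and described earlier with a paused flag and withdrawAllMoney) can be written as follows. This is an added reconstruction from the prose, not the original post's code; the compiler version, the receive function, the event and the error strings are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumed version; the page does not state one

contract Pausable {
    address public owner; // account allowed to pause and unpause
    bool public isPaused; // defaults to false, i.e. not paused

    // Assumption: an event so off-chain monitoring can see every pause change.
    event PausedChanged(address indexed by, bool isPaused);

    constructor() {
        owner = msg.sender; // the deployer becomes the owner
    }

    // Reverts unless the caller is the owner.
    modifier onlyOwner() {
        require(msg.sender == owner, "Not the owner");
        _;
    }

    // Owner-only switch for the pause flag.
    function setPaused(bool _paused) public onlyOwner {
        isPaused = _paused;
        emit PausedChanged(msg.sender, _paused);
    }

    // Assumption: lets the contract receive ether so there is a balance to pay out.
    receive() external payable {}

    // As in the walkthrough, the whole contract balance goes to the caller.
    // A production contract would track per-user balances instead.
    function withdraw() public {
        require(isPaused == false, "Contract is paused");
        (bool ok, ) = payable(msg.sender).call{value: address(this).balance}("");
        require(ok, "Transfer failed");
    }
}
```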
3 Methods Of Adding Pause Functionality To A Smart Contract
Now that you are aware of writing pausable smart contracts, we will give you more details on the different types of methods used to add pause functionality to a smart contract.
We have been actively involved in making the financial world a more secure place with our robust smart contract audit services. We host a team of erudite Web3 cybersecurity professionals who have listed the three most widely-used methods of adding pause functionality to a Solidity smart contract.
Global Boolean Variable Method
It is one of the most straightforward methods that developers use to add pause functionality to a contract.
In this method, you declare a global Boolean variable, paused, together with a require condition on it in your function. Next, create a setPaused function so you can easily change the value.
Pausable.sol is another popular way of adding pause functionality to a contract. It is a module many dApps use to pause actions.
In this method, you use an import statement to inherit the pause modifiers from Pausable.sol. After this, you can use them in any function that you write.
Next, include whenNotPaused as a modifier on any function that you want to offer only while the contract is not paused.
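An added example of the inheritance approach, not code from the original post: it assumes the Pausable.sol in question is OpenZeppelin's (version 5.x import paths), and the Vault contract and its functions are hypothetical. It goes one step beyond the text by leaving withdraw unguarded, so users can still exit while new deposits are paused.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumption: OpenZeppelin Contracts 5.x paths. In 4.x, Pausable lives under
// security/Pausable.sol and Ownable takes no constructor argument.
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {Pausable} from "@openzeppelin/contracts/utils/Pausable.sol";

// Hypothetical vault used only to show where the modifier goes.
contract Vault is Ownable, Pausable {
    mapping(address => uint256) public balances;

    constructor() Ownable(msg.sender) {}

    // Pausable only provides internal _pause/_unpause; the inheriting
    // contract decides who may call them.
    function pause() external onlyOwner {
        _pause();
    }

    function unpause() external onlyOwner {
        _unpause();
    }

    // Blocked while paused: reverts in the whenNotPaused modifier.
    function deposit() external payable whenNotPaused {
        balances[msg.sender] += msg.value;
    }

    // Deliberately not guarded, so a pause never traps user funds.
    // State is updated before the external call to avoid reentrancy.
    function withdraw(uint256 amount) external {
        require(balances[msg.sender] >= amount, "Insufficient balance");
        balances[msg.sender] -= amount;
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "Transfer failed");
    }
}
```

If the flaw being contained could sit in withdraw itself, add whenNotPaused there as well and accept that users are locked out for the duration of the pause.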
Global Boolean variable with pause control method
If you feel that adding an option to remove pause functionality is crucial to maintain the integrity of your project, then you can use the Global Boolean variable with pause control method.
These are the steps for this.
- Create a Boolean variable, canPause
- Set this variable as a condition in the setPause function
- In a new function, hardcode canPause to false so that you can remove pause capabilities
- Always remember that once you call the function that sets canPause to false, you can’t reverse it
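The steps above as an added example, not code from the original post; the contract name, removePauseCapability and the mint stand-in are hypothetical. It also handles a case the steps leave open: removing the capability while the contract is paused would otherwise leave it paused forever.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract PausableWithControl {
    address public owner;
    bool public paused;
    bool public canPause = true; // one-way switch: true -> false only
    uint256 public minted;       // stand-in state for a guarded action

    event PausedChanged(bool paused);
    event PauseCapabilityRemoved(address indexed by);

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "Not the owner");
        _;
    }

    // canPause is the condition on changing the pause flag.
    function setPause(bool _paused) external onlyOwner {
        require(canPause, "Pause capability removed");
        paused = _paused;
        emit PausedChanged(_paused);
    }

    // Hardcodes canPause to false. No code path sets it back to true,
    // so this call cannot be reversed.
    function removePauseCapability() external onlyOwner {
        canPause = false;
        if (paused) {
            // Unpause first; setPause can no longer do it after this call.
            paused = false;
            emit PausedChanged(false);
        }
        emit PauseCapabilityRemoved(msg.sender);
    }

    // Customer-facing function guarded by the pause flag.
    function mint() external {
        require(paused == false, "Minting is paused");
        minted += 1;
    }
}
```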
Benefits of Pausing a Smart Contract
The blockchain technology’s concept of decentralization and trustlessness may appear incompatible with pausing a smart contract. Users could be hesitant to utilize your program, especially if centralized control over the ability to use the pause function exists.
However, in situations where the smart contract has significant financial power, the benefits of suspending it may exceed the drawbacks.
These advantages consist of:
Minimize the impact of exploits on user funds
Limiting the impact of an attack on application users requires pausing important contract functions like withdrawals. It is feasible to investigate the problem and provide an update to fix the vulnerability without pausing, but doing so would just give attackers time to steal money from your smart contract.
Mitigate the security issues on users
You may work on fixing security flaws without fully shutting users out of the system by preventing calls to particular contract functions. You may even design it so that during an emergency, consumers can access some functionalities (like removing deposited cash) but not others.
Flexible security issue fixing
A vulnerable contract could need to be terminated while a fresh instance is deployed on the blockchain in the absence of a pause mechanism. For developer teams, this means extra effort and overhead.
You may work on problem fixes while a smart contract is paused without having to start from scratch with a new contract. Additionally, it frees up more time to concentrate on solutions without the extra burden of attempting to outrun attackers.
Disadvantages of Pausing a Smart Contract
The pause feature might influence users’ confidence because after seeing the smart contract’s code, consumers would know that you can pause the functionality inside your smart contract.
This is because the smart contract code is public and anybody can read it. Assume you have an ICO smart contract with that capability implemented, which may discourage people from purchasing the token because you may suspend the withdraw functionality at any point.
In general, consumers won’t be interested in utilizing your dApp if they are aware that your smart contract is pausable. To address this issue, you can implement a time-based pause, which guarantees that the pause will be lifted after a certain period of time and ensures that the owner has no authority over halting the contract.
Is the use of pausable smart contracts recommended? The answer depends on a number of variables, such as the security requirements of your project and user acceptance of smart contract administrative controls.
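One way to build the time-based pause just described, as an added example rather than code from the original post. The contract name, the durations, the cooldown rule and the constructed token ledger are assumptions; the cooldown keeps the owner from re-pausing the moment a pause expires, which would defeat the guarantee.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical token ledger whose transfers can be paused only for a bounded time.
contract TimedPause {
    address public owner;
    uint256 public pausedUntil; // 0 = never paused; otherwise expiry timestamp
    uint256 public constant MAX_PAUSE = 3 days; // assumed length of one pause
    uint256 public constant COOLDOWN = 7 days;  // assumed gap before the next pause
    mapping(address => uint256) public balances;

    event Paused(uint256 until);

    constructor() {
        owner = msg.sender;
        balances[msg.sender] = 1_000_000; // constructed initial supply
    }

    // The pause lifts by itself: once the timestamp passes, calls succeed
    // again without any transaction from the owner.
    modifier whenNotPaused() {
        require(block.timestamp >= pausedUntil, "Paused");
        _;
    }

    // The owner can start a pause but cannot extend it or chain pauses:
    // a new one is accepted only after the previous expiry plus COOLDOWN.
    function pause() external {
        require(msg.sender == owner, "Not the owner");
        require(
            pausedUntil == 0 || block.timestamp >= pausedUntil + COOLDOWN,
            "Cooldown active"
        );
        pausedUntil = block.timestamp + MAX_PAUSE;
        emit Paused(pausedUntil);
    }

    function transfer(address to, uint256 amount) external whenNotPaused {
        require(balances[msg.sender] >= amount, "Insufficient balance");
        balances[msg.sender] -= amount;
        balances[to] += amount;
    }
}
```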
If you do include a pause option in your smart contract, be clear with consumers about the dangers involved so they are aware of it. By giving a multisignature wallet authority over your contract’s pause capability, you may also avoid the issues associated with centralization.
If you have any queries regarding this topic, then we are all ears to them. ImmuneBytes is a pioneering Web3 cybersecurity organization that has been standing strong in this industry for over two years now. With our reliable smart contract auditing services, we have helped blockchain users participate within the transaction world without the fear of fund leakage.