# Handling a Security Incident

When a security issue arises, **swift and organized action** is essential to minimize damage and maintain user trust. A well-prepared [**contingency plan**](https://github.com/optimumsec/the-complete-guide-to-securing-web3-protocols/blob/main/emergency-response/establish-contingency-plan.md), defined in advance, should guide your response to ensure consistency and efficiency.

***

Follow these steps to effectively manage a security incident:

## 1. Analyze the Incident

* **Identify the Scope:** Determine the root cause, affected contracts, and the extent of the vulnerability.
* **Consult Experts:** Bring in external security researchers if necessary to assist in the analysis.

## 2. Contain the Damage

* **Pause Operations:** Use pause mechanisms to halt withdrawals, trading, or other critical functionalities.
* **Secure Funds:** Transfer vulnerable assets to a secure address or multisig wallet to protect user funds.

## 3. Communicate Transparently

* **Notify Users:** Issue a concise and clear public statement acknowledging the issue, ensuring users understand the safety of their funds is a priority.
* **Status Updates:** Regularly update users on the progress of mitigation efforts and expected timelines for resolution.

## 4. Patch and Test Fixes

* **Develop a Fix:** Quickly create a patch to address the vulnerability.
* **Test on Testnets:** Simulate real-world scenarios to validate the fix without introducing new issues.
* **Audit the Fix:** Have security researchers review the fix independently before deployment.

## 5. Migrate Data if Needed

* **Assess Data State:** Determine if the issue has affected the integrity or accuracy of stored data.
* **Plan Data Updates:** Develop scripts or processes to repair or migrate affected data.
* **Validate Migration:** Thoroughly test data migration scripts on a testnet to confirm correctness and prevent additional errors.

## 6. Redeploy and Resume Operations

* **Roll Out Incrementally:** Deploy the patched version in stages, starting with non-critical systems to monitor its behavior.
* **Unpause Safely:** Resume operations only after verifying that the issue has been fully resolved.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.optimumsec.xyz/emergency-response/handling-security-incident.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.