How to Approve or Reject Requests

Process attack mode requests as a DAO member

Overview

As the registry moderator, you review attack requests and decide whether to approve or reject them.

The easiest way to do this is the Approvals dashboard — a public index of every attack-mode request and its state. Browsing requires no wallet; each request links through to the protocol's details, bounty terms, contracts in scope, and a verification flag for the agreement's terms URI.

To act on a request, connect the registry-moderator Safe (the dashboard supports WalletConnect, so you can pair the Safe from your wallet of choice). Once connected as the moderator, each pending request shows Approve and Reject buttons that submit the same calls below through the Safe — no cast or scripting required.

ℹ️

The dashboard is the recommended path. The contract calls below remain available for scripting, batch processing, or programmatic workflows.

Approve a Request

If the request passes review:

attackRegistry.approveAttack(agreementAddress);

Effects:

  • State changes to UNDER_ATTACK
  • Safe Harbor protection begins
  • Whitehats can attack

Reject a Request

If the request fails review:

attackRegistry.rejectAttackRequest(agreementAddress);

Effects:

  • State returns to NOT_DEPLOYED
  • Contract mappings cleared
  • Protocol can resubmit with fixes

Review Checklist

Before deciding, verify:

  1. Deployment method: Deployed via BattleChainDeployer?
  2. Not a copycat: Bytecode doesn't match mainnet contracts
  3. Legitimate protocol: Has web presence, audit reports, valid contacts
  4. Reasonable terms: Bounty percentage in normal range (5-15%)
  5. Clear scope: All contracts properly defined

Check Deployment Method

address[] memory contracts = agreement.getBattleChainScopeAddresses();

for (uint i = 0; i < contracts.length; i++) {
    address deployer = attackRegistry.getContractDeployer(contracts[i]);

    if (deployer == address(0)) {
        // NOT via BattleChainDeployer - extra scrutiny needed
    }
}

Timing

ScenarioAction
Clear approvalApprove immediately
Clear rejectionReject with feedback
Needs investigationDecide before 14-day deadline
Approaching deadline, uncertainReject to reset clock
ℹ️

If no action is taken within 14 days, the agreement auto-promotes to PRODUCTION.

Batch Processing

Process multiple requests efficiently:

function batchProcess(
    address[] calldata toApprove,
    address[] calldata toReject
) external {
    for (uint i = 0; i < toApprove.length; i++) {
        attackRegistry.approveAttack(toApprove[i]);
    }
    for (uint i = 0; i < toReject.length; i++) {
        attackRegistry.rejectAttackRequest(toReject[i]);
    }
}

How to Use Instant Promotion

Handle emergency copycat situations