Add emergency withdrawal function for admin to return funds during crisis

[prodbycorne]

Overview

If a critical vulnerability is discovered in the farming-pool contract, the current pause mechanism (pause) prevents new operations but leaves all staked/locked tokens permanently trapped — there is no admin path to return tokens to users.

An emergency withdrawal function allows the admin to return a specific user's tokens during an emergency, after the pool is paused.

Design

/// Admin: return all tokens for `user` in an emergency.
///
/// May only be called while the pool is paused. Does NOT slash credits — the
/// user's credit record is preserved for any future claim mechanism.
/// Emits an `emrg_exit` event with `(admin, user, amount)`.
pub fn emergency_withdraw(env: Env, user: Address) -> Result<i128, PoolError> {
    get_admin(&env).require_auth();
    if !pool_is_paused(&env) {
        return Err(PoolError::NotPaused);
    }
    bump_instance(&env);

    let mut total_returned: i128 = 0;
    let token = token::TokenClient::new(&env, &get_stake_token(&env));

    // Return lock position
    if let Some(pos) = get_position(&env, &user) {
        token.transfer(&env.current_contract_address(), &user, &pos.amount);
        total_returned += pos.amount;
        remove_position(&env, &user);
    }

    // Return stake balance
    if let Some(stake) = get_user_stake(&env, &user) {
        token.transfer(&env.current_contract_address(), &user, &stake.amount);
        total_returned += stake.amount;
        remove_user_stake(&env, &user);
    }

    if total_returned == 0 {
        return Err(PoolError::NoActiveStake);
    }

    env.events().publish(
        (symbol_short!("pool"), symbol_short!("emrg_exit")),
        (get_admin(&env), user, total_returned),
    );
    Ok(total_returned)
}

Add NotPaused = 13 to PoolError.

Safeguards

• Only callable while paused (prevents routine admin extraction of user funds)
• Credits are preserved, not zeroed (users lose time but not accrued credits)
• Event emitted for every withdrawal so the action is fully auditable

Acceptance Criteria

• emergency_withdraw implemented, admin-only, paused-only
• Returns both stake and position balance
• Credits preserved (not zeroed) after emergency withdrawal
• emrg_exit event emitted
• NotPaused error returned if pool is not paused
• Test: emergency withdraw while paused, verify tokens returned and state cleared
• Test: emergency withdraw while unpaused returns Err(PoolError::NotPaused)

[clintjeff2]

Hello, I have 6 years of experience working on tasks like this and handling similar challenges across backend, frontend, and smart-contract development. I have carefully read and fully understood the task requirements, and I am confident I can deliver a clean, efficient, and well-tested solution promptly. I always ensure high-quality implementation, maintainability, and adherence to best practices.

Pull request in 5 hours.

[simplicityf]

Hi! I have experience implementing admins function, adding the write guard, writing test to cover all different use cases, working on this would help advancing my skills, kindly assign.

[grantfox-oss]

🦊 GrantFox — @simplicityf has been assigned to this issue as part of the Official Campaign campaign!

Next steps:

1. Open a Pull Request referencing this issue (e.g., Closes #24)
2. Your PR will be reviewed by the SmartDropLabs maintainers

Good luck! Track your progress on GrantFox.

[grantfox-oss]

🎉 This issue has been marked as completed on GrantFox as part of the Official Campaign campaign!

@simplicityf's PR #45 was approved and merged by @prodbycorne.

🏆 @simplicityf: You earned 35 FoxPoints for this contribution! Your current tier: Explorer (188 total points). Track your full progress on GrantFox.

👏 Great work, @simplicityf! Keep contributing to SmartDropLabs.