ops: pause mainnet, switch surfaces to testnet-only

Mainnet Fly apps (ultradag-mainnet-1..5) destroyed; referral bot scaled
to 0; refbot pg machine stopped. Dashboard, website, and bounty docs
flipped to mainnet-paused framing.

Dashboard:
- MAINNET_NODES emptied; TESTNET_NODES trimmed to the two live nodes
- Default network is now testnet; stored 'mainnet' preference is
  overridden at load time
- TopBar mainnet button disabled and labelled "Mainnet (paused)"

Website:
- Homepage "Mainnet — Open to the Public" section replaced with paused
  notice + testnet connect snippet
- network.js, explorer.js, client.js MAINNET_NODES emptied; testnet
  arrays trimmed to the two live nodes
- testnet page node grid trimmed
- FAQ "Is mainnet live?" answer updated

Bug bounty:
- PROGRAM.md status, mainnet-access section, and conversion-rules block
  updated; mainnet-attack-surfaces remain in scope for review
- LEDGER.md gains a top-of-file pause notice; existing entries remain
  binding per the testnet-reset-safety policy
- LAUNCH.md status line and PROMOTION.md announcement copy updated

Dashboard rebuilt and rsynced into site/public/dashboard/.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: UltraDAGcom

dashboard/src/components/layout/TopBar.tsx

@@ -108,11 +108,12 @@ export function TopBar({
     return udag < 0.01 && udag > 0 ? '<0.01' : udag.toLocaleString(undefined, { maximumFractionDigits: 2 });
   };
 
+  // Mainnet is paused — the button is disabled and shown in a muted style.
   const mainnetBtnStyle: React.CSSProperties = {
     ...switchBtnBase,
-    ...(isMainnet
-      ? { background: 'rgba(0,224,196,0.15)', color: '#00E0C4', border: '1px solid rgba(0,224,196,0.25)' }
-      : { color: 'var(--dag-text-muted)' }),
+    color: 'var(--dag-text-muted)',
+    opacity: 0.4,
+    cursor: 'not-allowed',
   };
 
   const testnetBtnStyle: React.CSSProperties = {
@@ -148,10 +149,14 @@ export function TopBar({
         </div>
       </div>
 
-      {/* Center: network switcher */}
+      {/* Center: network switcher (mainnet currently paused) */}
       <div style={switcherWrapStyle}>
-        <button onClick={() => onSwitchNetwork('mainnet')} style={mainnetBtnStyle}>
-          Mainnet
+        <button
+          style={mainnetBtnStyle}
+          disabled
+          title="Mainnet is paused"
+        >
+          Mainnet (paused)
         </button>
         <button onClick={() => onSwitchNetwork('testnet')} style={testnetBtnStyle}>
           Testnet

dashboard/src/lib/api.ts

@@ -3,32 +3,28 @@
 const TESTNET_NODES = [
   'https://ultradag-node-1.fly.dev',
   'https://ultradag-node-2.fly.dev',
-  'https://ultradag-node-3.fly.dev',
-  'https://ultradag-node-4.fly.dev',
-  'https://ultradag-node-5.fly.dev',
 ];
 
-const MAINNET_NODES = [
-  'https://ultradag-mainnet-1.fly.dev',
-  'https://ultradag-mainnet-2.fly.dev',
-  'https://ultradag-mainnet-3.fly.dev',
-  'https://ultradag-mainnet-4.fly.dev',
-  'https://ultradag-mainnet-5.fly.dev',
-];
+// Mainnet is paused — no reachable nodes. The network toggle is kept in the
+// UI so the codepath is preserved for future re-enablement, but selecting it
+// surfaces an empty node list and the dashboard stays in the paused state.
+const MAINNET_NODES: string[] = [];
 
 export type NetworkType = 'mainnet' | 'testnet';
 
 // Persist network choice in localStorage
 function loadNetwork(): NetworkType {
   try {
     const stored = localStorage.getItem('ultradag_network');
-    if (stored === 'mainnet' || stored === 'testnet') return stored;
+    // Mainnet is paused — any stored 'mainnet' preference is overridden to
+    // testnet at load time so the dashboard is usable out of the box.
+    if (stored === 'testnet') return stored;
   } catch {}
-  return 'mainnet'; // default — matches explorer/network pages
+  return 'testnet';
 }
 
 let currentNetwork: NetworkType = loadNetwork();
-let currentNode = (currentNetwork === 'mainnet' ? MAINNET_NODES : TESTNET_NODES)[0];
+let currentNode = (currentNetwork === 'mainnet' ? MAINNET_NODES : TESTNET_NODES)[0] ?? '';
 let connected = false;
 /** Incremented on every network switch — stale responses check this to self-discard */
 let switchGeneration = 0;
@@ -43,7 +39,7 @@ export function switchNetwork(network: NetworkType) {
   currentNetwork = network;
   localStorage.setItem('ultradag_network', network);
   const nodes = network === 'mainnet' ? MAINNET_NODES : TESTNET_NODES;
-  currentNode = nodes[0];
+  currentNode = nodes[0] ?? '';
   connected = false;
   switchGeneration++;
   // Notify all pages to refetch immediately
@@ -71,6 +67,12 @@ async function fetchJson<T>(path: string, options?: RequestInit): Promise<T> {
 export async function connectToNode(): Promise<boolean> {
   const nodes = currentNetwork === 'mainnet' ? MAINNET_NODES : TESTNET_NODES;
 
+  // Mainnet is paused — no nodes to race against.
+  if (nodes.length === 0) {
+    connected = false;
+    return false;
+  }
+
   // Race all nodes in parallel — first healthy response wins
   try {
     const winner = await Promise.any(

docs/security/bug-bounty/LAUNCH.md

@@ -280,7 +280,7 @@ Best,
 
 ---
 
-**Program Status:** ✅ Active (mainnet live since 2026-04-10)  
+**Program Status:** ✅ Active — Testnet (Mainnet paused 2026-04-22)  
 **Private reporting:** Enabled on the repo; advisory URL live  
 **Next Action:** Announce publicly via `PROMOTION.md` channels  
-**Last Updated:** April 11, 2026
+**Last Updated:** April 22, 2026

docs/security/bug-bounty/LEDGER.md

@@ -7,6 +7,13 @@
 **UDAG Mainnet Token:** [`0x9cFD2011DF13d9E394B5Bb59f0f7e7A5C512155b`](https://arbiscan.io/token/0x9cFD2011DF13d9E394B5Bb59f0f7e7A5C512155b) (Arbitrum One, deployed 2026-04-12)  
 **Bounty Payment Source:** Genesis allocation holder `0x9aEcb515361af7980eaa16fE40c064f69738EbF9` (to be reimbursed from treasury post-emission)  
 
+> **Mainnet paused as of 2026-04-22.** Mainnet payouts are deferred until
+> mainnet is re-enabled. Every entry below remains binding — the commitment
+> is the git-tracked entry plus the hunter's key, not the chain state. See
+> [Testnet Reset Safety](#testnet-reset-safety) below; the same policy
+> applies to a mainnet pause. Vesting anchors and the 1:1 UDAG conversion
+> are unchanged.
+
 This ledger tracks all bug bounty rewards. Each entry is cryptographically signed and represents a binding commitment to distribute mainnet UDAG tokens.
 
 ---

docs/security/bug-bounty/PROGRAM.md

@@ -1,26 +1,24 @@
 # UltraDAG Bug Bounty Program
 
 **Operator:** JMS Media Group LLC (Wyoming, USA; Filing ID 2026-001951812) — the legal entity behind the UltraDAG project and the payer of record for all bounty rewards.  
-**Status:** Active — Mainnet & Testnet  
+**Status:** Active — Testnet (Mainnet paused as of 2026-04-22)  
 **Launch Date:** March 8, 2026  
 **Mainnet Genesis:** April 10, 2026  
-**Mainnet Public Open:** April 16, 2026 (anyone can run a validator)  
+**Mainnet Paused:** April 22, 2026  
 **Total Pool:** 500,000 UDAG
 
 ## Overview
 
-UltraDAG is offering rewards for security researchers who discover and responsibly disclose vulnerabilities in the UltraDAG codebase. **Mainnet is now open** — anyone can run a validator, stake UDAG, and participate in consensus. Testing is welcome on both mainnet and testnet; please prefer testnet for destructive exploration. Mainnet nodes are reachable at `ultradag-mainnet-[1-5].fly.dev:9333` (P2P) and `https://ultradag-mainnet-[1-5].fly.dev` (RPC).
+UltraDAG is offering rewards for security researchers who discover and responsibly disclose vulnerabilities in the UltraDAG codebase. **Mainnet is currently paused**; testing runs on testnet only. Testnet nodes are reachable at `ultradag-node-[1-2].fly.dev:9333` (P2P) and `https://ultradag-node-[1-2].fly.dev` (RPC).
 
-Valid reports are rewarded in UDAG, recorded in the append-only [`LEDGER.md`](./LEDGER.md), and convertible 1:1 to mainnet UDAG per the vesting schedule in that file. See [`LEDGER.md` → Testnet Reset Safety](./LEDGER.md#testnet-reset-safety) for why a testnet wipe does not affect your claim.
+Valid reports are rewarded in UDAG and recorded in the append-only [`LEDGER.md`](./LEDGER.md). Payout in mainnet UDAG is deferred while mainnet is paused but every ledger entry remains binding per the program's testnet-reset-safety policy — the commitment is the git-tracked entry plus the hunter's key, not the chain state. See [`LEDGER.md` → Testnet Reset Safety](./LEDGER.md#testnet-reset-safety).
 
-## Mainnet Access Policy
+## Testnet Access
 
-Mainnet is **fully open**:
-
-- **P2P port 9333 is public** on all mainnet nodes at `ultradag-mainnet-[1-5].fly.dev:9333`. External validators and observers can connect directly.
-- **RPC port 10333 is public** at `https://ultradag-mainnet-[1-5].fly.dev` for both reads and transaction submission.
-- **Validator set is permissionless** — any address with enough UDAG can stake and enter the active set. The 5 founder-operated Fly nodes have no protocol-level privilege; ranking is by effective stake.
-- **Please do not DoS mainnet.** In-scope attacks are those demonstrating a protocol or implementation bug via a minimal PoC — not brute traffic floods. If you can crash or halt a live mainnet node with a single crafted message, that's a valid Critical; sustained DoS traffic is out of scope and may be reported to the hosting provider.
+- **P2P port 9333 is public** on both testnet nodes at `ultradag-node-[1-2].fly.dev:9333`.
+- **RPC port 10333 is public** at `https://ultradag-node-[1-2].fly.dev` for reads and transaction submission.
+- **Please do not DoS the testnet.** In-scope attacks are those demonstrating a protocol or implementation bug via a minimal PoC — not brute traffic floods. If you can crash or halt a testnet node with a single crafted message, that's a valid Critical; sustained DoS traffic is out of scope and may be reported to the hosting provider.
+- **Mainnet attack surfaces remain in scope for review** — any bug you find against the current codebase is eligible regardless of whether it's exercisable on a live mainnet today. The vulnerability class is what matters for the reward tier.
 
 ## Scope
 
@@ -155,8 +153,9 @@ Create a GitHub Security Advisory with:
    the severity assessment, reward range, and planned timeline.
 
 ### Mainnet conversion (applies to all ledger entries)
-Mainnet launched **2026-04-10**. Every entry in the ledger converts 1:1 to
-mainnet UDAG under the following rules:
+Mainnet genesis was **2026-04-10**; mainnet is currently paused as of
+**2026-04-22**. Every entry in the ledger converts 1:1 to mainnet UDAG
+under the following rules:
 
 1. **Vesting schedule:** 25% unlocked at the vesting anchor (immediate), 75%
    vested linearly over the 12 months following.
@@ -167,6 +166,10 @@ mainnet UDAG under the following rules:
    the Ed25519 secret key (or passkey) behind their testnet address. This
    proves ownership without needing the testnet address to hold any balance
    or for the testnet to even still be running.
+4. **Pause handling:** while mainnet is paused, claim windows open as soon
+   as mainnet is re-enabled. The vesting anchor rule above still applies —
+   a paused period does not reset or delay the anchor. Entries already
+   accrued continue to accrue the 12-month linear vest.
 
 **Testnet reset safety:** testnet `--clean` restarts do not affect any ledger
 entry. The commitments live in git, not on the testnet chain. See the

docs/security/bug-bounty/PROMOTION.md

@@ -112,10 +112,11 @@ affect the commitment.
 
 UltraDAG is offering up to 50k UDAG for critical vulnerabilities.
 DAG-BFT blockchain with 2-3 round finality — interesting consensus
-model to test. Mainnet is live (5 validators) but all testing must
-happen against the public testnet (attacking mainnet is out of scope).
+model to test. Mainnet is currently paused; all testing runs against
+the public testnet.
 
-Live testnet + immediate testnet payouts + mainnet conversion schedule.
+Live testnet + mainnet conversion schedule. Ledger commitments remain
+binding through the pause.
 Details: https://github.com/UltraDAGcom/core/blob/main/SECURITY.md
 ```