# Circuit Breakers & Multisig Tharwa is built for resilience, not just performance. In the world of stablecoins and real-world assets, downtime, slow reactions, or mispriced assets can lead to permanent damage. That’s why the protocol includes an advanced circuit breaker and emergency response system, designed to react instantly when something goes wrong. These systems protect the peg, the treasury, and user funds while acting as the first line of defense during volatility, oracle failure, or exploit attempts. ### What Are Circuit Breakers? Circuit breakers are predefined, automated safeguards embedded into Tharwa’s smart contracts. When certain risk thresholds are breached, these mechanisms immediately pause or modify protocol behavior to avoid cascading failures. These are not “kill switches.” They are granular, function-specific stops designed to isolate threats while the rest of the system stays operational. ### What They Monitor Circuit breakers are activated by a combination of on-chain and off-chain inputs, including: * Price deviations of thUSD from its $1 peg * Oracle discrepancies or update delays * Large-scale, sudden thUSD redemptions * Vault outflows beyond expected norms * Latency or outage from LayerZero or other cross-chain modules * Vault asset drawdowns beyond modeled thresholds * Suspicious transaction patterns or contract calls Each event is evaluated against a configurable threshold. If tripped, the system pauses the related functions until resolution or governance action. ### Examples of Circuit Breaker Actions | Trigger Event | Circuit Breaker Response | | ----------------------------------- | ----------------------------------------------------- | | thUSD trades below $0.98 | Halt redemptions and rebalance liquidity pools | | Oracle delay > X minutes | Freeze mint/redeem actions until feed resumes | | >30% vault withdrawal in 24h | Pause new deposits, limit redemption size | | Vault asset drops >10% in 1 day | Trigger reallocation or pause further capital inflow | | Unauthorized contract call detected | Halt interaction and log incident for multisig review | These protections are automated but can be manually overridden via governance in the case of false positives or fast remediation. ### Emergency Multisig Response In parallel with circuit breakers, Tharwa’s critical operations are guarded by multi-signature safes, held by trusted signers. These safes allow: * Manual activation or deactivation of circuit breakers * Parameter overrides during abnormal market conditions * Treasury reallocation or redemptions from reserves * Onboarding of new market makers or oracle replacements Until Tharwa transitions to full DAO governance, the multisig structure provides operational security while minimizing centralization risk. Signers are public, time-locked, and their actions are transparent on-chain. ### Audit & Simulation All circuit breakers are: * Included in third-party audits * Subject to formal verification for logic consistency * Stress-tested with simulated edge cases (e.g., 40% vault drawdowns, chain halts) This ensures they activate when needed and only when needed. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://tharwa.gitbook.io/tharwa/security-and-risk-management/circuit-breakers-and-multisig.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.