Circuit Breakers & Multisig
Tharwa is built for resilience, not just performance. In the world of stablecoins and real-world assets, downtime, slow reactions, or mispriced assets can lead to permanent damage. That’s why the protocol includes an advanced circuit breaker and emergency response system, designed to react instantly when something goes wrong.
These systems protect the peg, the treasury, and user funds — and act as the first line of defense during volatility, oracle failure, or exploit attempts.
What Are Circuit Breakers?
Circuit breakers are predefined, automated safeguards embedded into Tharwa’s smart contracts. When certain risk thresholds are breached, these mechanisms immediately pause or modify protocol behavior to avoid cascading failures.
These are not “kill switches.” They are granular, function-specific stops designed to isolate threats while the rest of the system stays operational.
What They Monitor
Circuit breakers are activated by a combination of on-chain and off-chain inputs, including:
Price deviations of thUSD from its $1 peg
Oracle discrepancies or update delays
Large-scale, sudden thUSD redemptions
Vault outflows beyond expected norms
Latency or outage from LayerZero or other cross-chain modules
Vault asset drawdowns beyond modeled thresholds
Suspicious transaction patterns or contract calls
Each event is evaluated against a configurable threshold. If tripped, the system pauses the related functions until resolution or governance action.
Examples of Circuit Breaker Actions
thUSD trades below $0.98
Halt redemptions and rebalance liquidity pools
Oracle delay > X minutes
Freeze mint/redeem actions until feed resumes
>30% vault withdrawal in 24h
Pause new deposits, limit redemption size
Vault asset drops >10% in 1 day
Trigger reallocation or pause further capital inflow
Unauthorized contract call detected
Halt interaction and log incident for multisig review
These protections are automated but can be manually overridden via governance in the case of false positives or fast remediation.
Emergency Multisig Response
In parallel with circuit breakers, Tharwa’s critical operations are guarded by multi-signature safes, held by trusted signers. These safes allow:
Manual activation or deactivation of circuit breakers
Parameter overrides during abnormal market conditions
Treasury reallocation or redemptions from reserves
Onboarding of new market makers or oracle replacements
Until Tharwa transitions to full DAO governance, the multisig structure provides operational security while minimizing centralization risk. Signers are public, time-locked, and their actions are transparent on-chain.
Audit & Simulation
All circuit breakers are:
Included in third-party audits
Subject to formal verification for logic consistency
Stress-tested with simulated edge cases (e.g., 40% vault drawdowns, chain halts)
This ensures they activate when needed and only when needed.
Last updated