Circuit Breaker
Circuit Breaker: The Circuit Breaker is essentially an emergency brake for the protocol. It’s a smart contract module that monitors all major fund movements – withdrawals of collateral, large new borrowings, and liquidation payouts. If in any 24-hour period the outflows exceed a certain percentage of the total value locked (TVL) – currently set to 15% – the circuit breaker automatically activates. When active:
New withdrawals (including collateral withdrawals and possibly even new USD Pro generation) are temporarily halted or limited.
This state gives the team and community time to assess the situation. It could be triggered by something benign (e.g., a whale closing a huge position) or something malicious (e.g., an exploit causing drain).
As mentioned in the parameter table, there are three outcomes once triggered:
Admin Reset: A DAO-elected admin (a trusted role likely controlled by a multisig of core contributors or community reps) can manually reset the breaker if everything looks fine. This would immediately restore normal operations.
Automatic Release: If no one intervenes, after the 24-hour window passes, the breaker lifts and operations resume, releasing any queued withdrawals. This ensures the breaker can’t freeze the system indefinitely on its own.
Emergency DAO Vote: If the issue appears serious (say a hack in progress), the admin can escalate by not resetting and instead requiring a DAO governance vote to resolve the situation. That vote might decide on specific corrective actions (like pausing a certain collateral type, or adjusting a parameter to mitigate the exploit) before allowing withdrawals again.
The circuit breaker is like a circuit breaker in electrical systems – it prevents overload (in this case, an overload of outflows that could destabilize USD Pro or empty the system). Normal users might never notice it unless something unusual happens. It does not affect everyday operations such as modest withdrawals or trades; it’s only for large sudden moves. And even if it triggers, user funds are not lost – they’re just locked temporarily until it’s deemed safe.