# 9.3 Emergency Response Protocol (ERP) Although OmniPact has undergone rigorous audits and formal verification, when facing unknown zero-day exploits, the protocol must have "Fail-Safe" capabilities. The ERP protocol aims to limit the losses caused by attacks to a controllable range and prevent systemic collapse. #### 9.3.1 Circuit Breakers & Rate Limiting To prevent large-scale theft of funds in a short period of time, we have built-in Algorithmic Circuit Breakers in the OmniVault core contract. This is a set of passive defense logic that can be triggered automatically without manual intervention. 1\. Outflow Rate Limiting We have set a time-window-based withdrawal limit for OmniVault. $$ Limit(t) = TVL\_{t-1} \times \text{MaxDrawdownPercentage} $$ * Mechanism: If the net outflow of funds exceeds 10% of TVL (safety threshold) within a specific time window (such as 1 hour), the contract will be automatically triggered. `Suspension` Status. * Effect: This ensures that even if a hacker gains control, they cannot steal all the funds at once, giving the team and community valuable response time. 2\. Price Deviation Breaker When the price feed from the oracle (Chainlink) fluctuates sharply (such as a 99% drop within 1 hour), or when the price difference from the backup oracle (such as Uniswap TWAP) exceeds 5%, all liquidation and exchange operations involving that asset will be automatically suspended. #### 9.3.2 Pausable Interfaces Based on the OpenZeppelin Pausable standard, we divide the functions of the protocol into different security levels and implement refined pause control. 1\. Implementation The core contract inherits from PausableUpgradeable. Key state-changing functions are protected by the whenNotPaused modifier. Solidity ``` function deposit(address token, uint256 amount) external whenNotPaused { // ... logic } function withdraw(address token, uint256 amount) external { // Special logic: Usually, withdrawals will also be suspended in emergency mode to prevent the spread of bad debts. require(!isEmergencyPaused, "Protocol paused due to security event"); // ... logic } ``` 2\. Trigger Authority * Guardian Multisig (6-of-9): To respond to second-level attacks, a multi-signature wallet composed of core developers and trusted community leaders has the authority to instantly pause the protocol (Instant Pause). * Note: To prevent abuse of power, Guardian only has the right to pause, not the right to unpause. Unpausing must be approved by a vote on a DAO timelock proposal. This ensures that the end of a state of emergency must undergo careful evaluation by the community. 3\. The ERP Workflow Once the Forta monitoring robot detects attack characteristics: 1. Freeze : The fuse is automatically triggered or Guardianmanual call `pause()`At this point, all recharges, transaction creations, and fund withdrawals are frozen. 2. Diagnose: The security team and auditing firms (such as Trail of Bits) stepped in to analyze the attack vectors and determine the scope of the damage. 3. Patch : The development team writes a fix patch and deploys a new logic contract implementation through the UUPS proxy pattern. 4. Vote & Restart : Submit the repair plan to DAO for voting. After the community verifies that it is correct, the vote will be executed. `upgradeTo()` and `unpause()`, the agreement resumed normal operation. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.omnipact.io/developers/omnipact-technology-white-paper/readme/security-and-risk-analysis/9.3-emergency-response-protocol-erp.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.