In order to ensure that withdrawal of assets from the system can happen trustlessly, and in a censorship resistant manner, we have in our smart contract a function called forcedWithdrawal. When a forcedWithdrawal request is submitted, we have to either withdraw the money for you, or prove that the request is illegitimate (for example - you asked to withdraw more money than what you have in your off-chain position).
If we fail to do so within a limited timeframe, you can call the “freeze” function - effectively preventing the contract from ever changing its state, and turning on the “escape mode”, in which users can exit with USDC based on the total value of their position in the last accepted on-chain batch.

While partially solving the above problem, forceWithdrawal alone is not enough. For example, if your position has synthetic assets worth $20,000 and 0 USDC, you still wouldn’t be able to withdraw the full $20,000 you deserve, due to the risk factors of the synthetic assets. To that end, we also have a forcedTrade on-chain call. This call allows two users to trade against each other (synthetic <> collateral) in a pre-specified manner. If the system does not perform the trade (or prove its invalidity), the users can freeze the on-chain contract.

In normal operation you shouldn't have to. That said, these functions are publicly accessible via Etherscan and other third party services. Additionally, in the even dYdX's servers went offline, any third party developer could easily create a simple app to allow all users to call these functions and withdraw.

You can read more about our authors here.