Security is an important focus at Inverse today, and a proposal recently passed that aims to formalize an ongoing budget to compensate third-party auditors performing reviews of both legacy code and upcoming product code.
Following the April 2nd and June 16th incidents, Inverse Finance has identified ways to improve our security posture both technically and in regard to our internal product development processes. A “Smart Contract Safety Process'' now involves a more rigorous review of all risks and possible countermeasures tied to each individual contract, as well as a mandatory internal testing period. For example, the way we design and launch new non-Chainlink price oracles has dramatically improved. A critical missing piece of the puzzle was to integrate auditors and whitehats into our smart contract review process. While Identifying security-related bugs at the final stages of review before full deployment is far from ideal, we know more than most that bugs are an inevitable part of developing new software products.
Formal audits were avoided at Inverse due to the false sense of security they often provide as demonstrated by multiple recent exploits to DeFi protocols that were audited by reputable firms. So while audits have drawn skepticism by the greater Crypto audience, We believe that mitigating risk at this stage of our development is of paramount importance and they serve a critical role in the ecosystem and emphasizing our security commitment. Moreover, prospective partner lending markets and CEX’s are increasingly insisting on audits as part of their partner onboarding process.
To that point, several qualified security projects and firms have been vetted by our Risk and Product Working Groups, and the compensation/payment structures to onboard and retain their services reviewed by our Treasury Working Group. We now have shortlisted a handful of them that have stood out and we will soon be announcing several formal partnerships, so be sure to stay tuned!
A multi-signature address (BBP multisig) with a quorum of 4 out of 5 composed of members of the Risk, Product, Treasury, and Growth Working Groups will be tasked with managing funding and dispersing rewards to our new partners.
We believe this proposal highlights Inverse’s continued commitment to improving both security and transparency, and that it will provide much-needed security infrastructure as we unveil a new line of products in the coming weeks and months.