The launch of FiRM, our new fixed-rate money market protocol, brings about a renewed commitment from Inverse to provide a safe and secure platform to our users. One of the roles of the Risk Working Group (RWG) at Inverse is to instill a security framework in the everyday workflows of our core DAO contributors. We have a moral obligation to keep the safety of our users top of mind whilst we brainstorm, ideate, collaborate, code, test, and review. This is especially important in the current environment, where the rapid growth of DeFi has attracted bad actors who have exploited vulnerabilities in our past systems and in those of our peers. Creating more robust tools will bring about the next wave of retail adoption to DeFi.
In this blog post, we’ll delve into the various FiRM safety features. These are categorized below in three groups titled: Software Features, Security Partnerships, and Operational Enhancements.
Be sure to read the FiRM whitepaper if you wish to learn more.
Personal Collateral Escrows - No custody
FiRM and Inverse Finance does not custody any funds from FiRM users. All user funds are held in Personal Collateral Escrow (PCE) contracts controlled by the user and are isolated both by individual user and by token type. This means that FiRM takes a step beyond shared pools of user collateral, commonly found in protocols like Compound Finance or Aave. The PCE’s are highly flexible which allows for individual collateral factors and borrowing limits per token and per position.
While no lending protocol is completely immune to hacks, PCE’s were designed to enable multiple new layers of security. First, by isolating deposits in such a granular fashion compared to cross-collateral pools, PCE’s no longer offer intruders a single pool of assets to target but rather many, smaller targets. Second, with a PCE a depositor’s collateral cannot be loaned. As the only borrowable asset in Inverse Finance’s implementation of PCE’s is DOLA and since borrowable DOLA is capped per collateral asset, the potential impact of a price oracle manipulation incident is reduced to an undue liquidation.
Another innovation for FiRM is the implementation of a Pessimistic Price Oracle (PPO). This new approach to price oracles uses the lower of either the current collateralprice on Chainlink or the 48-hour low price as observed by the PPO, divided by the collateralfactor. For example, if the current Chainlink price for wETH is $1,500 the 48-hour low was $1,000 and the collateral factor is 80%, the PPO returns $1,250.
This approach further discourages potential oracle price manipulation attacks by preventing users from borrowing against more than the lowest recorded value of their collateral over the prior two days. It is likely that this approach will also encourage healthier borrowing and fewer liquidations.
Daily Borrow Limits
A daily borrow limit sets a ceiling on the total amount of DOLA available for loans on any given day in each market. A daily borrow limit helps Inverse reduce its risk exposure on a per-market basis and in the future will allow for the support of more high-risk collateral assets and even PCE’s with customized borrow limits. This limit is adjusted regularly by the RWG as the system matures.
Contract Address Whitelist
A contract address whitelist is a list of approved contract addresses that are allowed to interact with a particular smart contract. This is often used as a security measure to prevent unauthorized contracts from accessing or modifying the data or functionality of the whitelisted contract. FiRM’s contract deployments allows for this security feature to be utilized, at the discretion of the RWG.
As part of our renewed smart-contract review process, Inverse Finance hosted a bug bounty contest on the Code4rena platform to conduct a comprehensive audit of our fixed rate lending protocol, FiRM. The audit was designed to identify any vulnerabilities or weaknesses in the protocol, and to provide recommendations for improvements. The contest saw the highest participation ever, with 198 white-hat researchers providing invaluable feedback to our developers.
Inverse has also recently expanded its bug bounty program by launching a vault on the Hats.finance platform. An open hacking market that scales with the success of FiRM and significantly rewards successful hackers is an integral part of our renewed smart contract review process. We are committed to maintaining the highest security standards, and will continue to work with third-party audit firms to ensure the safety and security of our products.
FiRM contracts were also reviewed by boutique auditing firm DefiMoon, who have been our official security partners during Q4. In addition to providing security consulting and auditing services for FiRM, DefiMoon has also played a role in our recent deployments of FraxBP Fed, Aura Fed, and Velo Fed. Their expertise has helped us identify and address potential risks and improve the safety and security of these deployments. We’re grateful for their support.
In the immediate aftermath of our price manipulation incident, Inverse had hired leading security firm PeckShield in Q3 to perform an audit of our renewed INV oracle solution, as well as our bad debt repayment product. Their report can be found here. More on the debt repayment contracts and how it helps the DAO pay off its bad debt more quickly by acknowledging the different time preferences of the affected users here.
The RWG utilizes a variety of tools developed together with other DAO core contributors to ensure an ongoing safe and secure operation of our operations and products.
The Analytics working group has created a sophisticated in-house alerting system which warns members in relevant working groups of on-chain events such as significant price and liquidity movements. These alerts allow us to quickly identify and respond to potential security threats, and to take appropriate action to protect our users' assets. The custom alerting system is an important part of our overall security strategy, and helps us to maintain the integrity and security of our products.
Inverse Finance is proud to display our full on-chain transparency dashboard front and center on our website. This comprehensive tool provides near real-time, transparent information about our platform and operations, allowing users to see exactly what is happening on the blockchain. Our on-chain transparency dashboard includes detailed information about our liquidity pools, treasury balances, our current bad-debt, and multisig transaction history. It also provides insight into our underlying smart contracts, including their code and execution. This allows users to see exactly how our platform operates and provides assurance that their funds are being handled in a transparent and secure manner.
Overall, our full on-chain transparency dashboard and practices are leading the industry and provide our users with the highest level of transparency and security. We are committed to continue innovating on this front and set new standards for other DeFi protocols to follow.
The signers of various governor and other critical multi-signature wallets are spread across the globe and we have global 24/7 coverage. Inverse finance conducts unannounced security drills to continuously improve our security posture. These fire drills involve simulating various security scenarios, such as a hack or a technical issue, and then measuring how quickly our team is able to respond to the situation. This helps us to identify any weaknesses in our response protocols, and to make improvements to ensure that we can respond quickly and effectively in the event of a real security threat. By regularly conducting security operations fire drills, we can ensure that our team is prepared to handle any security challenges that may arise, and that our users' assets are protected at all times.
FiRM will have a guarded launch in order to ensure the stability and security of the protocol. During the initial launch phase, FiRM will have supply and borrow limits in place, as well as limited collateral options.
The supply and borrow limits are designed to prevent malicious actors from performing notorious bank run exploits. By limiting the amount of liquidity that users can provide and borrow, FiRM can help to ensure that the protocol remains stable and secure, and that users' assets are protected. In addition to the supply and borrow limits, FiRM will initially have limited collateral options. These will be selected carefully and deployed over a period of time. This is intended to eliminate the risk of users collateralizing assets that are highly volatile or subject to oracle exploits for example, and to help ensure that the collateralization ratios remain stable and within acceptable limits.
All parameters are controlled either directly by Inverse Finance DAO governance (xINV voting) or limited agency is delegated to the Risk Working Group, the Treasury Working Group, or guardians, all of which utilize multi-signature wallets. This form of governance is designed to be transparent, decentralized, and inclusive, and is intended to give our token holders a direct say in the direction of the DAO, whilst simultaneously maximizing DAO output. We believe that this governance model is the best way to ensure that the interests of our token holders are aligned with the success of the DAO, and that we can continue to remain relevant in a rapidly growing industry where laggards are left behind.
We will spend to cover several topics brought up in this blog post in future write-ups but for now, that is all.
FiRM is a new protocol and although thoroughly tested and audited, there always is risk inherent in smart-contracts due to Ethereum’s simultaneous execution environment. Inverse Finance is a decentralized, open-source protocol, and is not affiliated with any central authority or organization. Inverse Finance’s products are provided "as is" and without any warranties or guarantees of any kind. Inverse Finance will not be liable for any damages or losses that may result from the use of FiRM. Make sure to follow any local laws applicable when using FiRM. By using FiRM, users acknowledge and agree to these terms and conditions.