Nomoi: A Milestone in FiRM's Security Journey


Risk Working Group


4 min

Cover Image for Nomoi: A Milestone in FiRM's Security Journey

At Inverse Finance, we are deeply committed to ensuring the safety and security of our platform and our users' assets. As we continue to innovate and develop new products like FiRM, our fixed-rate money market protocol, it becomes increasingly important to enhance our security measures and risk management practices. With this in mind, we are excited to announce that FiRM has undergone a second security audit! This time, the experts at Nomoi spent over a week reviewing our FiRM repository, with the objective of providing an independent assessment of our smart contracts’ security, code quality, and overall functionality. This engagement was made possible by our friends at Convex Finance, who graciously offered to connect us with Nomoi in preparation for the forthcoming launch of the cvxCRV market on FiRM.

Introducing Nomoi: A Web3 Hacker Collective

Nomoi is a boutique Web3 hacker collective with roots in Open Zeppelin and Consensys. Their mission is to provide comprehensive security audits and services to DeFi protocols and blockchain projects, working as a tight-knit team of experienced security researchers and engineers. Their contributions have helped secure billions of dollars of digital assets. While they might not be as well-known as some larger security firms, their talent is undeniable, and we are proud to have received positive feedback from them.

The Importance of the Nomoi Audit for Inverse Finance

Audits play a critical role in maintaining the safety and security of our platform. In late October 2022, Inverse had hosted a bug bounty contest on the Code4Rena platform, where 198 talented auditors spent 5 days meticulously reviewing the FiRM codebase and reporting vulnerabilities to our Product Working Group (PWG). This contest served as a crucial step in guaranteeing a flawless launch and continued operation of FiRM.

Since then, 3 additional markets have been added to FiRM (with a fourth underway), some requiring non-standard oracle implementations. Today, engaging Nomoi for a full audit of FiRM serves multiple purposes, each of which contributes to our overarching goal of safeguarding our users' assets.

  • Identifying and addressing potential vulnerabilities: The primary objective of the audit is to once again have experienced external auditors thoroughly examine FiRM's smart contracts, both legacy and new, and identify any weaknesses or vulnerabilities that could be exploited by malicious actors. 

  • Committing to our enhanced risk management practices: This audit also serves as an opportunity for us to showcase our risk management strategies. Nomoi's insights and recommendations will help us bolster our risk management frameworks and processes, enabling us to better anticipate and mitigate potential risks.

  • Establishing transparency and trust: At Inverse Finance, we believe in the importance of transparency and building trust with our users. The Nomoi audit provides a renewed independent, third-party assessment of FiRM's security posture, giving our users the confidence to continue using our platform, knowing that we are taking their security concerns seriously.

  • Continuously improving security measures: The security landscape is constantly evolving, and we must stay ahead of potential threats. The Nomoi audit brings a renewed will help us identify areas where we can improve and adopt best practices in security and risk management, allowing us to stay at the forefront of DeFi security. You can find Nomoi’s report on FiRM here.

Looking Ahead: Strengthening Security for the Future

As we continue to grow and innovate on FiRM, periodic audits with the likes of Nomoi mark a significant milestone in our ongoing efforts to ensure the safety and security of the platform and the wider Inverse Finance ecosystem. We are confident that this method of review will continue to provide valuable insights and help us take the necessary steps to improve our platform's security.

We are committed to continuously monitoring and updating our security measures, working with our community, and engaging with experts in the field to stay informed about the latest threats and best practices. We believe that fostering a culture of openness, collaboration, and continuous improvement is key to achieving this goal. 

Looking forward, we plan to expand our efforts to include additional audits, third-party assessments, and collaboration with other industry leaders in the DeFi space. The way we see it, this is a continuous process and one that we, nor any other protocol, should cut corners on.

Stay tuned for updates on the progress of the audit, and thank you for your continued trust and support. Let's build a safer DeFi future together.


Risk Working Group

More Stories

Cover Image for  Introducing sFRAX on FIRM

Introducing sFRAX on FIRM

As we continue to add new collateral to FiRM, our second entry in the stablecoin category, sFRAX, is exciting for multiple reasons. Attractive fixed-rate borrowing opportunities: With sFRAX currently offering yields close to 14%, users can now enjoy a sign...

2 min


Head of Growth