Expanding the Bug Bounty Program and SecOps at Inverse Finance for a Secure Future

Executed
#128 - mills ERA

Created Aug 28th, 2023 - Executed Sep 3rd, 2023

Details

Edo

Forum Link: https://forum.inverse.finance/t/expanding-the-bug-bounty-program-and-secops-at-inverse-finance-for-a-secure-future/222

Summary

This proposal seeks to allocate a specific budget to strengthen Inverse Finance's security measures by dividing the funds between two functions: engaging the services of Zellic for a comprehensive audit of FiRM in preparation for v2 and deployment on OP, and increasing payouts for the ongoing bug bounty program. This focused approach will help ensure the robustness of FiRM as we instill greater confidence in our user base and the wider DeFi community.

Background

Inverse Finance continues to make progress in strengthening its security measures and was recently praised for doing so by the DeFiSafety team. As a result of proposal #58 titled “Proposal to authorize allowance for formal audits”, we have successfully engaged reputable auditing firms and bug bounty platforms that have helped us identify and address potential vulnerabilities in FiRM and our Fed contracts during our contract review stage (and thus prior to launch). With the impending launch of new features as part of our FiRMv2 Roadmap and our expansion into Optimism, as well as the ever-evolving DeFi landscape, it's crucial to remain vigilant and continue investing in security to ensure the long-term success and growth of our platform.

Proposal

In light of this, the Risk Working Group proposes a specific budget allocation for two key security functions: a new audit of FiRM and enhancing the existing bug bounty program. The breakdown of funds is as follows:

  1. Onboarding Zellic (67,000 DOLA): At the discretion of the Product Working Group, we will engage the services of renowned blockchain security firm Zellic for a comprehensive audit of FiRMv2. This engagement will last approximately three engineer work weeks and be handled by a team of 2 auditors and an engagement manager (a former auditor), overseen by Zellic's CTO. The collaboration with Zellic is particularly strategic as it further diversifies our pool of reviewers, and their meticulous approach promises to lay a robust foundation for our launch on Optimism.

  2. Increasing Bug Bounty Program Payout (23,000 DOLA): The remaining funds will be used to increase the payout for our ongoing bug bounty program hosted on the Hats Finance platform. Our current vault size of 20,000 DOLA falls in the lower range of bounties on the platform. By offering higher rewards, we can attract more skilled security researchers to scrutinize our code, enhancing the overall security of our platform. This addition will bring our vault to hold over 43,000 DOLA.

The BBP multisig, composed of members from the Risk, Product, Treasury, and Growth Working Groups, will continue to manage the funding and disburse rewards to our partners. We intend this budget to cover the next six months, during which we anticipate launching new products and expanding our ecosystem. Any additional allowance requests will require a DAO vote.

On-Chain Actions

  • Set Bug Bounty Program's DOLA Allowance to 90,000

Actions

Action 1
« Set Bug Bounty Program's DOLA Allowance to 90,000 »
DOLA.approve(Bug Bounty Program, 90000000000000000000000)

Proof of Reviews

Members allowed to make Drafts can sign the fact that they reviewed the Draft Proposal

For Votes

1 voter

33.91k votes

0x759a...f430

33.91k

Against Votes

0 voters

0.00 votes
