Authors: Edo
Reviewers: Karm
1. Summary
Proposal for Inverse Finance DAO to cover operations of the Risk Working Group (RWG) for the duration of Season 2, running from May 1st to October 31st, 2024.
2. RWG @ Inverse Finance
The RWG is integral to Inverse Finance DAO and is responsible for identifying, assessing, and mitigating risks to the protocol and its users. It supports all existing and future functions of Inverse Finance, providing sound risk analysis, risk management, and risk monitoring for all DAO products. The RWG also works closely with other working groups such as the Treasury Working Group (TWG), Growth Working Group (GWG), Analytics Working Group (AWG), and Sec Ops to pursue its security goals and to promote safe practices amongst working members of the DAO. Past projects, frameworks, risk assessments, and other work the RWG has authored can be found in the RWG Gitbook.
Compared to traditional finance, significantly more risks are present in DeFi for individual users and protocols: malicious actors, esoteric smart contract risks, unknown correlations between tokens and projects, short track records, unproven and experimental economic theories, anon teams/devs, and the irreversibility of transactions to name just a few. Inverse Finance faces a unique set of risks as operators of a lending protocol that manages an interest token whilst also issuing a stablecoin. Additionally, the presence of DOLA bad debt requires constant attention to detail and a zero-tolerance policy for errors. This demands a round-the-clock presence nearly every day of the year, which is critical for safeguarding the DAO and its users.
The importance of a robust risk management function within Inverse Finance cannot be overstated.
The RWG is well poised to build upon our risk management practices and will ensure that value-add to the DAO is accompanied by an elevated and on-going degree of risk awareness. Furthermore, the RWG will remain open to new ideas and continually search for improved, research-backed methods of analyzing, managing, and addressing risks.
2.0. Season 1 Recap
For a comprehensive recap of our Season 1, including goals, projects and success metrics be sure to review our latest forum post titled: “Behind the Scenes: Season 1 Recap”.
2.1. WG Goals
During Season 2, the RWG intends to build upon several key directives defined during Season 1. These align with the DAO’s “North Star” objectives laid out before the start of Season 1, demonstrating our WG’s contribution to Inverse Finance’s overarching objectives. Season 2 RWG goals include:
- Enhance existing frameworks: Continuously improve existing risk management frameworks such as the Collateral Parameterization, the Liquidation Factor and Minimum Debt, and the Daily Borrow Limit frameworks to cover more use-cases and to adapt to evolving market conditions and emerging risks.
- Develop new frameworks: Explore and develop new risk management frameworks tailored to address emerging risks and challenges with managing Inverse’s suite of products. These may include additional frameworks built around FiRM, or targeting Fed deployments, PoL, to name a few.
- Conduct comprehensive risk assessments: Regularly assess and update risk assessments on existing and prospective FiRM markets, ensuring thorough analysis of existing and/or emerging risks and vulnerabilities associated with each collateral asset.
- Drive security-related cooperation: Foster collaboration amongst working groups and between the DAO and third-party auditors/security consultants, mediating close working relationships to align on security practices and risk mitigation strategies.
- Review operational processes: Conduct periodic reviews of operational processes and procedures within Inverse Finance to identify areas for improvement, streamline operations, and ensure compliance with best practices and industry standards. These can range from staying current with MiCA and other regulatory headwinds to addressing SPOFs tied to the upkeep of third-party services and platforms such as X, Google Drive, Vercel.
- Facilitate governance participation: Actively engage in governance forums, providing input on proposed strategy and policy changes and proof-of-reviews for on-chain actions tied to proposals.
- Author risk-centric content: Continue to produce informative content such as the "Behind the Scenes" series, contributing to the Inverse forum, blog, and social media platforms to raise awareness of risk management practices.
- Maintain an updated library of directives: Keep an updated library through Gitbook of past and present RWG directives and contributions, providing a comprehensive resource for the community to reference.
2.2 Responsibilities
The RWG will undertake the following ongoing responsibilities during Season 2:
Multisigs:
- Maintain the role of head-of-multisigs: monitoring signing availability for sensitive multisigs, funds at risk, approvals and allowances, promoting safe practices amongst signers, and periodically weighing in on quorum settings.
- Fulfill the duties of various multisigs. Primary roles and powers of all multisigs can be found here. Multisigs with RWG members include:
  - RWG - enacting pause guardian for FiRM markets.
  - TWG - setting out to optimize allocation of PoL and managing liquidity operations.
  - AWG - handling analytics upkeep costs (the graph etc).
  - Fed Chair - managing and implementing Fed policies.
  - Policy Committee - handling the reward rate policies, enacting governance guardian, and holding the BondsManager role.
  - Bug Bounty Program - handling rewards for bug bounties.
RWG:
- Lead initiatives targeting parameter setting and fine-tuning for FiRM markets and other DAO products and deployments, utilizing the various risk management frameworks to drive data-driven recommendations.
- Weigh in on partnerships brought forward by the GWG, strategy driven by the TWG and Fed Chair, alerts and monitoring dashboards created by the AWG, and policy changes proposed by Policy Committee.
- Review all governance proposals and provide an on-chain proof-of-review of on-chain actions.
- Educate and promote a transparent operation through authoring risk-centric content (e.g. risk assessments, or the “Behind the Scenes” series) via the forum, blog, and through social media.
- Archive all past and present directives and contributions through the RWG Gitbook.
SecOps:
- Maintain the role of co-lead of SecOps, driving security-related cooperation between working groups and between third party auditors and security consultants and the DAO.
- Manage the bug bounty program, spearhead any changes to it, address incoming submissions, and maintain an ongoing working relationship with our host platform.
- Drive the Incident Response Protocol (IRP) when swift action is imperative to preventing or limiting loss, and fulfill the duties of the “facilitator”.
… And more
2.3 Projects
The RWG will undertake the following one-off projects during Season 2:
- Modernize Frameworks: Overhaul existing risk management frameworks to accommodate the growing Inverse Finance ecosystem while protecting and observing the current catalog of products. Optimize data collection processes and enhance accessibility. Transition from Google Sheets to a more sophisticated and shareable platform for hosting frameworks, striving for real-time updates and streamlined collaboration among working groups.
- Revamp Risk Observer Checklist: Collaborate with the AWG and PWG to explore ways to improve the Risk Observer Checklist. This may include utilizing APIs and integrating real-time data sources to create a dynamic and comprehensive reporting system accessible exclusively to team members. If successful, implement alert systems on top of the reports to facilitate faster response times and enable a proactive approach to addressing evolving situations, ensuring timely risk mitigation measures.
- Reinforce Technical Reporting: As part of the Collateral Onboarding Procedure, the current risk assessments consist of a qualitative report and a technical report. This update aims to further incorporate simulations into the technical report, leveraging tools such as Tenderly and Inverse Watch to provide more comprehensive insights into the risk profile of collateral assets. This may include testing market parameters and contracts pre-launch, testing data feeds, and conducting liquidation simulations. All simulations will be conducted in fork environments to ensure accuracy and reliability of the assessment process.
- Introduce Circuit Breakers: Collaborate with the PWG to explore the possibility of configuring circuit breakers into FiRM via introducing modules to relevant Safe multisigs. This will allow critical actions to be pushed even without enough signers present to reach quorum during emergencies. By implementing circuit breakers, measures can be enacted swiftly to safeguard the protocol and its users.
- Enhance LP Analysis: Test out different models, using data derived from LP analysis, to more accurately measure “liquidity stickiness”. This may involve extrapolating EOA composition, accounting for pool fees and pool parameter settings, to name a few. The outcome will lead the RWG to more confidently recommend decisions related to the daily borrow limit framework and overall collateral assessment which ties into FiRM market parameter setting.
- Develop Gauge Analysis: Explore methods for evaluating gauge health based on protocol ownership/founder-owned weights versus external incentives, bribe hosting platform/s of choice, gauge history etc, with the goal of incorporating this analysis into existing frameworks.
- Conduct Fire Drills: Enhance the incident response protocol (IRP) by updating documentation on emergency functions within Inverse Finance and conducting tabletop exercises and simulations to test its effectiveness and ensure that all team members are adequately prepared to handle various scenarios.
- Initiate Cross-Protocol Risk Collaboration: Collaborate with other DeFi protocols to share insights and best practices for managing risks effectively. Establish knowledge-sharing sessions to discuss emerging threats, security trends, and lessons learned from security incidents.
2.4 Success Metrics
To measure the success of the RWG, the following key metrics will be tracked, and reported on at the end of the Season 2 period:
- Number of identified risks and their severity: Track the number of identified risks across various aspects of the protocol, including smart contracts, FiRM markets, DOLA and INV expansion, and operational procedures. Assess the severity of each risk based on its potential impact on the protocol and its users.
- Number and severity of security incidents: Monitor the occurrence of security incidents and their severity throughout Season 2. Measure the effectiveness of the IRP in mitigating these incidents and preventing any adverse impact on the protocol through post-mortems.
- Increase in percentage of audited vs deployed smart contracts: Track the percentage of smart contracts and protocol components that have undergone third-party security audits compared to the total number of deployed smart contracts. Aim for a higher percentage of audited contracts, reducing the likelihood of undiscovered vulnerabilities and indicating a proactive approach to security and risk management.
- Increase in bug bounty program engagement: Track the number of bug submissions received through the bug bounty program and the percentage of critical vulnerabilities identified. Aim for a higher engagement rate amongst whitehats with intermediate and expert ratings and a greater number of resolved submissions compared to the previous season.
2.5 Decision making power
The RWG is requesting the DAO to continue to grant us the following delegated decision-making powers throughout our Season 2 engagement.
- Authority to enact the role of the RWG Guardian: The RWG will act within its rights to bring collateral markets on FiRM to an immediate pause if any one of three multisig signers believes a critical threat to the DAO is imminent.
- Freedom to propose and implement risk mitigation policies: The RWG seeks the ability to propose and implement off-chain risk mitigation strategies and protocols without requiring individual approval for each policy.
- Ability to recommend on-chain changes to the protocol based on risk assessments: The RWG aims to recommend changes to the protocol based on risk assessments. This allows the RWG to suggest modifications to smart contracts, operational processes, or other protocol components to address identified risks effectively.
- Decision-making leadership in incident response and recovery procedures: The RWG requests decision-making authority during incident response and recovery processes. This enables the RWG to make timely and informed decisions to mitigate security incidents and ensure a swift recovery. This is especially pertinent to incident response where a clear point of accountability can ensure effective resolution of the issue.
- Approval authority for proposed changes to operational processes and procedures which fall within the domain of risk or which have potential risk implications.
Granting these decision-making powers to the RWG allows for a more effective management of risks, response to security incidents, and contribution to the overall security and stability of Inverse Finance.
3. Budget
In Season 1, contributors agreed to move to a standard compensation banding system. You can view the full compensation bands here.
3.1 Contributors
Contributors will be active within RWG, to be paid as follows.
| Name | FTE | Band | Pro-rata Monthly Salary | Total for Season 1 |
|---|---|---|---|---|
| Edo | 1.0 | B | 12,000 | 72,000 |
| Karm | 1.0 | B | 12,000 | 72,000 |
Edo [Working Group Lead]
Edo recently completed 2 years at Inverse Finance DAO. Initially onboarded for ad-hoc work in March 2022, Edo led the formation of the RWG in April 2022. His multifaceted role extends beyond risk management, having an innate knack for organizing, cataloging, and documenting. Edo co-leads the SecOps team, and particularly enjoys strategic contributions to the game of DeFi Chess. Prior to his time at Inverse, Edo’s leadership drove a short-duration hedge fund’s success. He has extensive start-up experience, and has successfully restructured operations for a luxury travel brand, drastically cutting costs and doubling annual revenue through innovative frameworks and strategic decisions. His entrepreneurial spirit shines through founding ventures and his interests in DAO governance. Outside of work, Edo is passionate about travel, tennis, long distance running, and culinary arts.
Karm
Karm is a highly knowledgeable DeFi enthusiast with extensive experience in Inverse Finance, spanning nearly three years of active involvement. Within the Risk Working Group, he has undertaken critical responsibilities, including building frameworks, models, technical applications, stress testing, and data analysis, demonstrating his expertise and proficiency. In addition, Karm aids the business development team, supporting initiatives towards the growth of DOLA and creating value for INV holders. His multifaceted contributions as a Discord server administrator, SecOps member, and multisig facilitator are a testament to his dedication and commitment to community engagement and emergency response. Karm's unwavering commitment to Inverse Finance's mission and its growth in the DeFi landscape is highlighted by his extensive skill set and diverse contributions.
3.2 Ad hoc & Tooling
| Details | Type | Requested $INV | Requested $DOLA |
|---|---|---|---|
| 3rd Party Audit(s) | Sec Ops | 0 | 26,000 |
| Chainalysis Proactive CIR | Sec Ops | 0 | 30,000 |
| Bug Bounty Program | Sec Ops | 0 | 10,000 |
Note: The BBP Multisig currently has a DOLA allowance of 54,880 from Proposal #128. As a comprehensive FiRMv2 with Zellic was deferred, this proposal will cancel the previous budget from Proposal #128 and renew the budget for Season 2.
3rd Party Audit
At the discretion of the PWG, the RWG will engage the services of a renowned smart contract auditing firm for a renewed comprehensive audit of FiRM. This collaboration is particularly strategic as it further diversifies our pool of reviewers, and their meticulous approach promises to lay a robust foundation for FiRM’s launch on new chains.
Chainalysis Proactive CIR Program
The RWG proposes Inverse Finance partner with Chainalysis and adopt their incident response plan (IRP) for the protocol. The IRP adds an extra layer of security on top of well-developed code and audits. If integrated, the IRP will equip our protocol with expertise and investigative skills to recover lost funds in the eventuality of an exploit. Furthermore, Chainalysis facilitates collaboration between customers and law enforcement, boasting a successful track record in solving complex cases and providing expert witness testimony. The retainer service comes at a cost of $30k/year with the added benefit of acting as a deterrent. Note: The budget request will cover the DAO for the duration of Season 2 and Season 3.
Bug Bounty Program
Funds will be used to increase the payout for our ongoing bug bounty program hosted on the ImmuneFi platform. Our current vault size of 41,000 DOLA falls in the middle/lower range of bounties on the platform. By offering higher rewards, the program can attract more skilled security researchers to scrutinize our code, enhancing the overall security of our platform.
3.3 Flexible Budget
RWG requests a flexible budget as follows to cover unforeseen expenditure that arises during the Season.
| Additional flexible budget in $DOLA | 0 |
|---|---|
| Additional flexible budget in $INV | 0 |
3.4 Summary
In summary, the RWG requests the following budget for the 6 months of Season 2.

| | S2 $DOLA allowance | S2 $INV allowance |
|---|---|---|
| Contributors | 144,000 | 0 |
| Ad Hoc & Tooling | 66,000 | 0 |
| Flexible Budget | 0 | 0 |
| Total | 210,000 | 0 |