Summary
This proposal adopts the SEAL Safe Harbor for Whitehats framework on behalf of the Monolith protocol, extending the same on-chain safe harbor protections that Inverse Finance itself has operated under since the execution of Proposal 273.
The proposal contains two on-chain actions, both routed through the INV Treasury, which is the owner of the Monolith Safe Harbor Agreement contract:
- Set the per-incident bounty cap on the Monolith Agreement to $1,000,000.
- Register the Monolith Agreement in the SEAL Safe Harbor Registry, formally adopting the framework for Monolith.
Background
The SEAL Safe Harbor for Whitehats, developed by the Security Alliance (SEAL), provides whitehat security researchers with a defined on-chain safe harbor when intervening to prevent or mitigate active exploits against participating DeFi protocols. Adoption is a two-step on-chain process: a per-protocol Agreement contract describing in-scope assets, bounty terms, and security contacts is deployed, and that Agreement is then registered in the canonical SEAL Safe Harbor Registry.
Inverse Finance has been subscribed to SEAL Safe Harbor since the execution of Proposal 273. This proposal extends equivalent on-chain protections to Monolith, whose asset recovery flows are controlled by the INV Treasury.
The Monolith Safe Harbor Agreement has already been deployed at 0x7fb1970F81aCAa1A39f55c92609CE729b0D6f1C0 by SEAL, and ownership has been transferred to the INV Treasury at 0x926dF14a23BE491164dCF93f4c468A50ef659D5B.
Rationale
Bringing Monolith under SEAL Safe Harbor extends a clear, on-chain incentive framework for whitehats to assist in mitigating active exploits against the protocol, complementing Monolith’s existing security posture and aligning Monolith with the broader set of DeFi protocols already covered by the framework — including Inverse Finance itself.
On-chain registration is the binding step of the adoption process. Until the Agreement is recorded in the Registry, Monolith is not formally adopted and the safe harbor protections are not in effect.
Adoption Details
The following terms reflect the Monolith Safe Harbor configuration that will be in effect once this proposal executes.
Predetermined rewards for successful whitehats that recover protocol funds.
| Field | Value |
|---|---|
| Percentage | 10% |
| Cap (per incident) | 1,000,000 DOLA |
| Aggregate Cap | None |
| Retainable | Yes — whitehats may retain their bounty directly from recovered funds, streamlining the payout process for both the whitehat and the protocol |
| Identity | Pseudonymous — whitehats must identify themselves to the protocol but are not required to provide a real name or any formal identification |
| Diligence Requirements | None |
Asset Recovery Addresses
Addresses controlled by the protocol to which recovered funds will be returned by the whitehat.
| Chain | Address |
|---|---|
| Mainnet | 0x926dF14a23BE491164dCF93f4c468A50ef659D5B (INV Treasury) |
In-Scope Accounts
On-chain assets owned by the protocol that are protected under Safe Harbor.
| Chain | Name | Address | Child Contract Scope |
|---|---|---|---|
| Mainnet | Factory | 0x6D961c9DCF1AD73566822BA4B087892e3839B849 | None |
| Mainnet | InterestRateModel | 0x5B679dDD0edDce323f74AEc38E3849d70d57C113 | None |
Child Contract Scope = None is intentional for the Factory: only the listed addresses are in scope. Child markets deployed via the Factory are explicitly excluded so that coverage cannot extend to wrongfully configured Monolith markets.
On-Chain Actions
Both actions are executed by the Treasury Timelock. Action 1 raises the per-incident bounty cap on the previously deployed Agreement from its initial value of $200,000 to $1,000,000; all other bounty parameters remain unchanged from their currently configured values. Action 2 records the Agreement in the SEAL Safe Harbor Registry, completing formal adoption.
Action 1 — Update bounty cap on the Monolith Safe Harbor Agreement
| Field | Value |
|---|---|
| Target | 0x7fb1970F81aCAa1A39f55c92609CE729b0D6f1C0 |
| Value | 0 |
| Signature | setBountyTerms((uint256,uint256,bool,uint8,string,uint256)) |
Decoded parameters:
| Field | Current | New |
|---|---|---|
| bountyPercentage | 10 | 10 |
| bountyCapUSD | 200000 | 1000000 |
| retainable | true | true |
| identity (enum) | 1 (Pseudonymous) | 1 (Pseudonymous) |
| diligenceRequirements | “None” | “None” |
| aggregateBountyCapUSD | 0 | 0 |
Action 2 — Adopt the Agreement into the SEAL Safe Harbor Registry
| Field | Value |
|---|---|
| Target | 0x326733493E143b8904716E7A64A9f4fb6A185a2c |
| Value | 0 |
| Signature | adoptSafeHarbor(address) |
| Param agreementAddress | 0x7fb1970F81aCAa1A39f55c92609CE729b0D6f1C0 |
References
- SEAL Safe Harbor framework: GitHub - security-alliance/safe-harbor · GitHub
- Monolith Safe Harbor Agreement: Address: 0x7fb1970F...9b0D6f1C0 | Etherscan
- SEAL Safe Harbor Registry: Address: 0x32673349...b6A185a2c | Etherscan
- Prior Inverse Finance Safe Harbor adoption: Proposal 273