Welcome back to RWG: Behind the Scenes! As an on-chain DAO, every voted-in governance proposal directly shapes the trajectory of our ecosystem—from the future of DOLA and INV, to the management of the Feds and FiRM, and more. While the ability for stakeholders to submit and vote on proposals is a powerful mechanism, it also places responsibility on the DAO to ensure that each proposal is safe, technically sound, and aligned with Inverse’s long-term vision.
This is where Proof-of-Review (PoR) comes in.
The Proof-of-Review system starts an internal process for reviewing proposals before they go live and culminates in an on-chain signature. While the average DAO participant may not have the time to review each and every proposal, PoRs provide an assurance that due-diligence has been performed by the signers who put their name behind them. This “behind the scenes” post walks through the history and various improvements made to the PoR system at Inverse Finance.
The First Iteration: Cultural Signatures
The first version of the PoR system wasn’t enforced by code. It had no gating mechanism to prevent proposals from being submitted without sign-off. But even without technical constraints, we set a cultural precedent: all proposals—especially those impacting user funds or protocol logic—should be reviewed by relevant parties prior to submission. This process was informal but disciplined. Proposal authors would reach out to other contributors for review, typically including one member of the RWG and one from the PWG and/or TWG. More complex proposals would naturally attract a broader range of reviewers.
During this phase, a dedicated “comment” field was introduced to let reviewers record observations or assumptions, and we also added human-readable translations of the on-chain actions so that signers could see clearly what the proposal would execute.
Although this comment feature wasn’t strictly enforced and usage varied, it successfully raised the cultural bar for reviews, preventing many misconfigurations and promoting transparency in our early governance.
The Second Iteration: Tenderly Simulations
As our DAO grew in complexity, we recognized that intangible checks and sporadic comments weren’t enough. We needed a better way to verify whether the code changes truly matched our intentions. That’s when the Tenderly simulation came into play. Now, proposal authors could run on-chain simulations to see exactly what would happen under various scenarios—liquidations, reward distributions, or changes to market parameters—and reviewers could verify these results through shared screenshots or direct links.
This step made proof-of-review more systematic by showing rather than simply telling. Tenderly simulations, combined with human-readable translations, created a more robust second iteration of PoR, giving contributors a clear view of the side effects behind every proposal.
It became clear that a more systematic approach was needed — one that could scale with the DAO’s growing scope.
The Third Iteration: Automated Sanity Checks
Even with Tenderly simulations, we found ourselves wishing for automated scripts to catch potential red flags—especially in FiRM markets, where a slight misconfiguration could lead to major exploits. The third iteration of PoR thus introduced sanity checks and safety hooks that run whenever a proposal is put forward. Examples include:
- Ensuring the market is using the latest Oracle and BorrowController contracts
- Verifying oracle prices aren’t zero or outside an expected range
Checking if any user would be unintentionally liquidated - Validating liquidation incentives and maximum borrowing power
We also introduced contextual warnings: if a price looks abnormally high or low, or if a parameter falls outside typical ranges, the UI will flag it. This helps prevent “valid” but harmful proposals from slipping through due to simple oversights.
These checks are provided as direct UI elements, allowing reviewers to see if the proposal’s effects match expectations. Over time, we plan to expand this system to detect an even broader range of suspicious or inconsistent configurations.
Alongside this, our simulation interface was upgraded to preview how key values—such as oracle prices or liquidation thresholds—will be interpreted on-chain by FiRM contracts. This helps reviewers understand what will actually happen post-execution, rather than relying on raw contract calldata.
Our next major step is to implement role-based review requirements—enforcing that certain signers must provide PoR before a proposal can go live. For instance, a FiRM market proposal might require sign-offs from:
- One RWG reviewer
- Two PWG contributors
- Any developers who deployed the contracts in question
- The proposal creator (with a successful Tenderly simulation)
An important consideration… To address urgent cases (e.g., a time-sensitive exploit fix), we’ll need to maintain a streamlined path that allows critical proposals to bypass some steps if absolutely necessary, ensuring the DAO can still move quickly under emergency conditions.
A Long-Term Vision: Automated Defenses
While PoR adds structure and oversight off-chain, our long-term vision involves embedding more safety checks directly into FiRM’s smart contracts. These “hard guardrails” will reject extreme values and stale data at the protocol level, eliminating whole classes of mistakes or malicious attempts by design. For example:
- Price Feeds that automatically reject out-of-bounds or outdated quotes
- Borrow Limits preventing excessive DOLA issuance per unit of collateral
- Liquidation Caps restricting liquidation parameters to safe ranges
This evolution aims to minimize the need for manual intervention, so that even if a human reviewer misses something, the protocol itself maintains a protective baseline.
Proof-of-Review has grown from a cultural practice at the DAO into an institutional process. With the latest iteration, we’re combining UI tools, contributor structure, and automated checks into a coherent safety layer that sits between the DAO and execution.
With each iteration, we’re getting closer to a future where mistakes become all but impossible, allowing Inverse Finance to innovate securely for the long haul.
Catch you next time!