Welcome to the latest installment of RWG: Behind the Scenes! This week, we’re peeling back the curtain and diving deep into the goals, projects, and success metrics that we had set out to achieve and that shaped our journey over the past season. To prepare for the occasion, we’ve created the Gantt chart presented below. A copy of the original file can be accessed here for closer inspection. This visual showcases 18 projects we initiated and successfully completed during Season 1. Its purpose is to provide a comprehensive snapshot of our team’s strategic planning and effective execution over the past season.
Below we assess each goal, project, and success metric as it was laid out in the original proposal… so buckle up cause it’s going to be a long one. You can access the Risk Working Group Season 1 proposal here.
WG Goals
Enhancing the risk management framework of Inverse Finance
The RWG developed frameworks such as the Collateral Parameterization and the Liquidation Factor and Minimum Debt Methodology frameworks. Additionally, the RWG developed reporting tools such as the Risk Observer Checklist. These initiatives allowed us to drive policy and recommend changes more confidently, improving the protocol’s ability to anticipate potential risks.
Identifying and assessing potential risks to the protocol
The RWG worked on upgrading its collateral onboarding process via enhancing its risk assessments. We now have a cadence set to revise past assessments, where we make use of the aforementioned frameworks and other monitoring tools to track the ever-evolving risk profiles of collaterals integrated into FiRM. In doing so, we’ve maintained a comprehensive understanding of the risk landscape, and have driven initiatives to fine-tune FiRM’s safety posture.
Developing risk mitigation strategies
The RWG made strides towards honing its risk mitigation strategies. Integral to this was the creation of the Risk Observer Checklist, which every week provides a comprehensive overview to core team members of the various DAO facets the RWG monitors. These observations culminated in a wide variety of actions and DAO-approved proposals targeting different areas of identified risks, such as parameter adjustments to existing FiRM markets, updates to our bug bounty program, deprecating contracts that were no longer in use but still posed a risk (dubbed “Spring Cleaning Initiatives”), and updating our governance requirements.
Ensuring the safety and security of users’ funds
Inverse Finance engaged the services of yAudit for a comprehensive audit of sDOLA and associated smart contracts. We also revamped our bug bounty program, with a new host platform in ImmuneFi and an increase of the bounty size. The RWG played a leading role in ensuring these initiatives were conducted properly from start to finish. Furthermore, disclosures were posted on our Gitbook, the official Inverse Docs, and the Discord server to remind our audience that FiRM and any other protocol deployed by Inverse, however thoroughly tested and audited, will always carry risk.
Monitoring and managing operational risks
Evolving market conditions, collateral integrities, liquidity shifts, and network congestion throughout Season 1 have required the RWG to monitor and manage operational risks within our domain continuously. Regularly assessing our internal protocols and PoL’s risk exposures through our role of head-of-multisigs has led to targeted recommendations. Furthermore, the RWG actively participated in internal reviews and discussions of proposals on our governance channel to ensure that safety culture was adequately represented and addressed.
Collaborating with other working groups
The RWG actively engaged with all other working groups to address shared challenges and achieve common goals. We were involved in virtually every communication channel between Inverse Finance and other protocols. Furthermore, the RWG took part in several cross-working group initiatives; sharing ownership of SecOps and the Bug Bounty Program with the PWG, signing off on all TWG actions by being a signer on the various multisigs and taking part in biweekly treasury strategy calls, making full use of Inverse Watch and devising an extensive list of alerts with the AWG to warn members in relevant working groups of relevant on-chain events. We believe the RWG strengthened its relationships with other working groups during Season 1.
Projects
Refine our in-house asset scoring models
Significant strides have been made in refining our in-house asset scoring models. The RWG conducted thorough evaluations of existing parameters and improved on our methodologies to derive them; incorporating new data sources and drawing upon analytical techniques to enhance their utility. This was evident in initiatives such as the Collateral Parameterization, Liquidation Factor and Minimum Debt Methodology, and the LP Analysis and Daily Borrow Limit Methodology. The end result are models we can more confidently rely on when recommending changes at the protocol level.
Implement additional security measures
The RWG has led initiatives leading to tangible improvements to our protocol security measures. This is exemplified by our bug bounty program revamp; migrating from the Hats Finance to ImmuneFi platform, and increasing the payout for security researchers in an overall effort to draw more attention to our live contracts. In the 4.5 months since our onboarding, we received a total of 47 submissions (and issued 1 payout), 8 of which were from advanced and intermediate-level whitehats. For comparison, we had received 6 submissions total in a 10 month period with Hats Finance. The RWG also played a role in ensuring our contract scope list was up-to-date and assisted the PWG with addressing individual submissions.
Engage third-party audits and security reviews of smart contracts
The RWG engaged several auditing firms, maintaining relationships with industry leaders and recommending what ultimately led to the engagement of yAudit to conduct a comprehensive audit and security review of the sDOLA smart contracts. By staying current with the security and auditing landscape, the RWG has formed an educated opinion on several auditing firms and their required budgets, and can draw upon various points of contact for whatever future auditing needs the DAO will seek out.
Enhance incident response and recovery procedures
Some progress was made by the RWG to enhance the existing incident response and recovery procedures. Attempts to pursue the “SEAL Drills Program” were unsuccessful. The RWG, in close collaboration with the AWG, continued to build out its network of alerts through Inverse Watch. Remaining procedures and infrastructure were deemed appropriate to maintain at this stage.
Success Metrics
Number of identified risks and their severity
Throughout Season 1, the RWG diligently identified and assessed risks to FiRM, Inverse Finance, and its users. Activities such as conducting revised risk assessments for various collateral assets, including cvxFXS, CRV, cvxCRV, st-yCRV, INV, and wBTC, exemplified this effort. These assessments involve thorough analysis of arising potential risks associated with each asset, running liquidation simulations and measuring market volatility, and on-chain liquidity to name a few areas of focus. Additionally, the RWG actively participated in discussions in public forums and authored proposals related to risk management strategies, such as the proposal to revise liquidation factor and minimum debt parameters in select FiRM markets. One recent development in cvxFXS liquidity led the RWG to call upon its guardian role in pausing FiRM’s cvxFXS market. The RWG effectively identified risks and led initiatives to ensure that appropriate measures were implemented to mitigate their severity.
Number and severity of security incidents
In Season 1, 0 security incidents were recorded at Inverse Finance. Engaging in bug bounty program activities and addressing bug submissions is just one facet the RWG participates in to get to this result. Together with AWG, we continued to build upon our robust alerts system via Inverse Watch. With the GWG, we addressed faulty 3rd party dependencies in a timely manner, e.g. fixing Coingecko’s faulty price reading for DOLA. Ongoing education initiatives, such as the “Behind the Scenes” series, helped raise awareness of our protocols overall security posture and promoted safe practices to our users. Through these proactive measures and swift response actions, the RWG played its role in this result.
Timeliness of incident response and recovery
Throughout Season 1 the RWG maintained a vigilant stance on security, and demonstrated a strong commitment to ensuring the timeliness of responses to bug submissions coming through the ImmuneFi Bug Bounty Program. This was achieved by playing a role in the upkeep of the bug submission portal on our Discord, a procedure first devised by the PWG. This environment, hidden from the public, sets out a clear incident response, including predefined tags, roles and responsibilities, escalation paths, and communication channels for each individual submission. Our timeliness was within the acceptable range of response times set forward by the ImmuneFi team.
Adoption and implementation of recommended security measures
During Season 1, the RWG was the proactive voice advocating and driving enhancements to our security measures. Activities such as new FiRM market deployments based on our data-driven recommendations (e.g. Add wBTC market to FiRM), adjustments to existing market parameters based on revised risk assessments (e.g. Adjust parameters of the EMA Oracle Price Feeds), facilitating communication channels and collaboration with external auditors, our ‘spring cleaning’ proposals to eliminate overhead and effectively deprecating contracts no longer in use (e.g. Remove minting rights for Deprecated Feds), all exemplify this commitment to security. Cumulatively, the RWG put forward 19 risk-centric proposals during Season 1, all of which passed through governance with 100% approval rate.
Looking Forward
As we turn the page on an impactful Season 1, the RWG is already setting its sights on the future with a renewed sense of purpose and commitment. Looking forward, we aim to build upon the solid foundation we’ve established, enhancing our strategies, tools, and collaborations to address the evolving challenges Inverse will face as it develops and grows its suite of products.
Moreover, we are committed to maintaining transparency and fostering education around risk management practices. So expect to see more Behind the Scenes posts in the coming months. Our goal with this series is to empower our community members to make informed decisions and contribute to the protocol’s safety and success.
Catch you next time!