Welcome back to RWG: Behind the Scenes! Season 3 has wrapped up, and we’re eager to share a comprehensive look into the goals, projects, and success metrics we achieved over the past six months. All directives and accomplishments remain archived in the Risk Working Group Digest, our dedicated website that serves as an exhaustive record of our ongoing efforts. Let’s dive into a thorough examination of our accomplishments and shortcomings, measured against the objectives we laid out in the original Season 3 proposal. But before we do…
Stress Testing the Risk Framework
Season 3 provided a rigorous test of the Risk Working Group’s practices under real-world conditions. During this period, we navigated a 37% contraction in the total crypto market cap, enduring flash crashes of 20% in January, 20% in February, and 10% in April. Each of these events placed heightened demands on RWG operations, particularly on liquidation monitoring, oracle tracking, and overall market stability assessments. Throughout these periods, the RWG maintained active surveillance of FiRM markets, ensuring that liquidation mechanisms operated correctly even in lower-liquidity and heightened-gas environments. In total, 799,263 DOLA was repaid through 23 liquidations across 9 unique markets.
During Season 3, RWG assisted with critical real-time interventions. These included: a PT market misconfiguration requiring a rapid proposal to fix liquidation incentives; a vulnerability in the wBTC market where funds were successfully rescued; and an Immunefi-reported Fed Chair vulnerability, which we neutralized by swiftly orchestrating a quorum upgrade for multisig security. Several market adjustments were executed proactively, including pausing or sunsetting riskier markets such as INV and Frax-based LPs where liquidity conditions or counterparty risks deteriorated.
While not always reflected in published documents, ongoing work included researching, simulating edge cases, running adversarial scenarios, and engaging in rigorous internal debate. Protocol defense at this level is not a scriptable task; it demands creative, critical, adversarial thinking. The invisible labor contributed directly to maintaining protocol solvency, ensuring no bad debt accrual despite volatile market conditions. The events of Season 3 reinforced the importance of constant monitoring, active incident response procedures, and continuous refinement of risk management practices.
WG Goals
Enhance Existing Frameworks
During Season 3, we had set out to modernize our suite of risk management frameworks. While we did not migrate away from Google Sheets, we began exploring Google Apps Script to automate core framework functionality—starting with the Contract Ledger. This approach retains the familiarity and flexibility of Sheets while introducing a foundation for automation and real-time updates. We plan to expand this method across other in-house frameworks.
Develop New Frameworks
We introduced three major frameworks that advanced our risk infrastructure. The Contract Ledger Master Sheet centralized contract metadata and introduced automated views—such as dependency mapping, governance control analysis, and audit tracking—transforming raw smart contract data into actionable insights. We also formalized the Proof-of-Review (PoR) system, integrating Tenderly and live FiRM position simulations, along with automated sanity checks, to strengthen proposal safety. Lastly, we looked to revamp the DOLA Health Dashboard (still ongoing) into a comprehensive framework for tracking DOLA’s peg resilience and collateral risk tiers.
Conduct Comprehensive Risk Assessments
The RWG drafted risk assessments across a wide range of FiRM markets and partner integrations, including stable LPs in sUSDe, sUSDS, scrvUSD, deUSD, USR, and reUSD; the new PT-sUSDe-29MAY2025 market; PT oracle design choices for FiRM; the Gearbox Fed—our first ERC4626-compatible Fed; and LayerZero (OFT) and SonicGateway as bridging solutions. We also audited existing price feeds, resulting in the migration of the wBTC and wETH markets to the new modular ChainlinkBridgeAssetFeed logic devised by the PWG. This upgrade reduced oracle complexity and laid the groundwork for streamlined future feed deployments.
Drive Security-Related Cooperation
Season 3 marked major strides in advancing RWG’s “Four Lines of Defense” strategy. We adopted the Security Alliance’s Safe Harbor Framework, formally integrating protections for whitehats during active exploit scenarios. This proactive agreement strengthens our ability to respond quickly and transparently during security incidents. We expanded our Bug Bounty Program, maintained an updated scope list, helped process numerous submissions and coordinated payout processes. Externally, we presented audit options to the DAO for Monolith. We successfully launched and administered the Liquidator Grants Program, onboarding MEV actors and tracking real-world execution data to ensure protocol-level liquidation support during volatile market conditions. Finally, we hosted calls with OpenZeppelin Defender, Forta, and ZeroShadow to explore automated threat detection and recovery tooling, and opened discussions with Nexus Mutual around increasing our bounty ceiling to attract higher-tier researchers.
Facilitate Governance Participation
Throughout Season 3, the RWG maintained a strong presence in DAO governance by drafting and guiding over 36 risk-aligned proposals to execution. These included the launch and expansion of multiple FiRM markets, alongside infrastructure improvements like the Borrow Controller upgrade post-Pectra, the ALEv3 integration, and oracle feed upgrades for wBTC and wETH. Our proposals were often accompanied by internal documentation, Proof-of-Review coordination, and forum and Discord commentary to improve proposal clarity and encourage informed community engagement around technical governance decisions.
Maintain an Updated Library of Directives
Our Risk Working Group Digest continued to grow as a central archive of RWG work, featuring comprehensive documentation of frameworks, assessments, proposals, and more, thus promoting knowledge sharing and transparency.
Projects
Participate in FiRM v2 Design Process
Development for FiRM v2 was largely paused during Season 3 in favor of prioritizing Monolith. The RWG remained engaged in early design discussions and provided feedback across several areas. Our contributions focused on clarifying the protocol’s proposed security posture at launch, and shaping brand positioning and messaging.
Implement Liquidator Grant Program
Season 3 marked the successful launch of the Liquidator Grant Program, aimed at incentivizing reliable third-party liquidators and strengthening FiRM’s liquidation infrastructure. The RWG oversaw the onboarding of participants, processed the program’s first refund payouts, and ensured that all actions aligned with protocol guidelines. This initiative has not only expanded our network of proficient liquidators but also laid the groundwork for improved engagement with MEV actors.
Strengthen Risk Monitoring and Alerts
We expanded our risk monitoring capabilities through both internal and public-facing systems. In close collaboration with the AWG, the RWG introduced specialized alerts for liquidity thresholds in higher-risk assets and oracle variance triggers, enabling faster detection of evolving risks. A Public Alerts section was also launched in the Discord server, allowing community members to receive real-time updates on a variety of Inverse-related events classified into 5 categories: governance, fed, firm, staking, and auction.
Adopt SafeHarbor Framework
In Season 3, we formally integrated the Security Alliance Safe Harbor Framework into our “Four Lines of Defense”, enabling whitehats and MEV rescuers to legally intervene during active exploits. This initiative significantly bolstered our proactive defense capabilities by aligning incentives with real-time threat mitigation. We communicated its adoption through X and Discord announcements and through documentation updates in the RWG Digest and the official Inverse Docs.
Review Operational Processes
Season 3 saw a systematic revamp of one of our core operational processes, the Proof-of-Review (PoR) system. The structured enhancements included the addition of Tenderly and live FiRM position simulations, and automated sanity checks, significantly bolstering our governance and proposal submission integrity. We also executed cleanup actions such as sunsetting outdated markets and removing deprecated contracts from our bug bounty scope, mitigating unnecessary operational risks and bounty payouts.
Author Risk-Centric Content
While we did not maintain a monthly cadence, we authored two new installments of the “Behind the Scenes” series during Season 3, continuing our commitment to transparency and education. These included deep dives into the Proof-of-Review system and the Contract Ledger framework. This series remains foundational to communicating RWG’s evolving methodologies and risk management strategies to a wider audience.
Success Metrics
Framework Modernization Completion
We modernized two key frameworks: the Proof-of-Review (PoR) system and the Contract Ledger master sheet. These upgrades marked a shift toward dynamic and automation-ready infrastructure, improving the DAO’s capacity for monitoring and risk governance.
“Four Lines of Defense” Adoption
As of Season 3, three of the four lines of defense—preventive measures, real-time monitoring, and incident response—are fully implemented and operational, actively supporting our comprehensive security operations vision. Recovery is now the sole missing piece.
Risk Assessments Conducted
We authored over a dozen risk assessments during Season 3, namely covering new collateral markets. We also revisited key legacy markets by auditing oracle configurations and staleness threshold settings, while maintaining a weekly cadence for the Risk Observer Checklist.
Incident Response Improvement
We did not conduct a War Games exercise during Season 3. However, the integration of the Safe Harbor Agreement marked a key step forward in improving our ability to respond quickly and effectively to active exploit scenarios.
Governance Participation
The RWG authored 36 governance proposals during Season 3, in line with our past seasons’ totals.
Content Production
We published three “Behind the Scenes” posts during Season 3: Proof-of-Review, the Contract Ledger, and this Season 3 Recap. This was below our original monthly goal, and while we stand behind the quality of these educational pieces, they have yet to reach the level of visibility and engagement we had hoped for.
Bug Bounty Program Engagement
The program received 89 submissions from novice to intermediate and even advanced whitehats and issued 5 payouts totalling 15,000 DOLA. We also increased our program ceiling by 100,000 DOLA, boosting researcher participation and visibility.
Looking Forward
As we conclude Season 3, the RWG remains committed to advancing our risk management capabilities, enhancing operational excellence, and maintaining transparent governance practices. With an ever-strengthening framework foundation and growing security measures, we eagerly anticipate addressing new challenges and opportunities in the forthcoming seasons if given the opportunity.
Thank you for joining us in this journey. Catch you next time!