Summary
This proposal seeks to allocate a specific budget to strengthen Inverse Finance’s security measures by dividing the funds between two functions: hosting a bug bounty contest to evaluate new code and increasing payouts for the ongoing bug bounty program. This focused approach will help ensure the robustness of our platform and instill greater confidence in our user base.
Background
Inverse Finance continues to make progress in strengthening its security measures and was recently praised for doing so by the DeFiSafety team. As a result of proposal #58 titled “Proposal to authorize allowance for formal audits”, we have successfully engaged reputable auditing firms and bug bounty platforms that have helped us identify and address potential vulnerabilities in FiRM and our Fed contracts during our contract review stage (and thus prior to launch). With new products on the horizon and the ever-evolving DeFi landscape, it’s crucial to remain vigilant and continue investing in security to ensure the long-term success and growth of our platform.
Proposal
As the DeFi space becomes increasingly competitive and innovative, we must stay ahead of the curve by continuously identifying and mitigating potential security risks. In light of this, the Risk Working Group proposes a specific budget allocation for two key security functions: hosting a new bug bounty contest and enhancing the existing bug bounty program. The breakdown of funds is as follows:
- Hosting a Bug Bounty Contest (20,000 DOLA): At the discretion of the Product Working Group, we will host a bug bounty contest on either the Code4Rena or Sherlock platform once we determine there is sufficient new code to review. This contest will engage whitehat hackers to identify a wider range of potential vulnerabilities in our latest codebase, diversifying our pool of reviewers and ultimately helping us maintain a secure and up-to-date platform.
- Increasing Bug Bounty Program Payout (20,000 DOLA): The remaining funds will be used to increase the payout for our ongoing bug bounty program hosted on the Hats Finance platform. Our current vault size of 20,000 DOLA falls in the lower range of bounties on the platform. By offering higher rewards, we can attract more skilled security researchers to scrutinize our code, enhancing the overall security of our platform. This addition will bring our vault to hold over 40,000 DOLA.
The BBP multisig, composed of members from the Risk, Product, Treasury, and Growth Working Groups, will continue to manage the funding and disburse rewards to our partners. We intend this budget to cover the next six months, during which we anticipate launching new products and expanding our ecosystem. Any additional allowance requests will require a DAO vote.
On-Chain Actions
- Set Bug Bounty Program’s DOLA Allowance to 40,000