Proposal: Form a Risk Working Group
Written by @edo
Summary: form Risk Working Group to provide dedicated resources for assessing and managing multiple areas of risk for Inverse Finance.This forum post is intended to solicit feedback from the DAO on matters pertaining to following write-up.
On April 2nd, the Keep3r TWAP oracle for $INV was manipulated. A capital-intensive manipulation of the INV/WETH price oracle on Sushiswap resulted in a sharp rise in the price of $INV, which subsequently enabled the attacker to borrow tokens against the inflated $INV price from Anchor, Inverse Finance’s money market and marquee product. The resulting loans were to the tune of $15.6 million in DOLA, ETH, WBTC, & YFI, which the DAO has committed to repay. This manipulation was in part allowed to occur due to the degree of trust that Inverse Finance placed in the TWAP oracle. The capital-intensive manipulation was on the order of $3m which, due to its size (and other risk factors for the manipulator), was not considered to be a likely attack vector. Events showed otherwise. Critically, the lacking factor for the DAO was an ongoing risk evaluation of the state of the protocol. For example, a continuous risk analysis may have highlighted risks once the locked assets passed a certain threshold in combined value, making the protocol more attractive to oracle manipulations.
Despite this setback, Inverse Finance remains committed to pursuing its ambitious goal to reach 1 billion DOLA in circulation by the end of 2022 with the recent launch of INV+. In order to help Inverse reach this objective, and to address the valid concerns of the DeFi community and reduce the likelihood of future exploits to Inverse products, a Risk Working Group (RWG) should be established by governance vote.
The RWG will be available to support all functions of Inverse Finance, including DOLA expansion, focusing on providing sound risk analysis, risk management, and risk monitoring for existing products and for the efforts of the Growth Working Group (GWG), Operations Working Group (OWG), Analytics Working Group (AWG), and the Treasury Working Group (TWG).
Compared to traditional finance, significantly more risks are present in DeFi for individual users and protocols: malicious actors, esoteric smart contract risks, unknown correlations between tokens and projects, short track records, unproven and experimental economic theories, anon teams/devs, and the irreversibility of transactions to name just a few. The DeFi landscape is a perilous one and perhaps few feel this more at the moment than our DAO. And while it is of vital importance that we make good on our commitments to those affected by the recent exploit, it is equally important that we address the topic of risk comprehensively. The RWG’s directive is to ensure this.
Due to the early stage of risk management modeling in DeFi, RWG will approach its objectives using a mosaic approach – select risk research and best practices from TradFi will be adapted and coupled with leading DeFi research and best practices. Given the strong investment acumen and expertise at Inverse Finance, we are well poised to innovate risk management practices for our own community members and the wider DeFi ecosystem.
The RWG will remain open to new ideas and continually search for improved, research-backed methods of analyzing, managing, and addressing risks. In time, the RWG will become an asset, and will ensure that value-add to the DAO is accompanied with an elevated and on-going degree of risk awareness.
Following months of discussion with core team members, and utilizing the foundational work of past DAO contributors, RWG will spearhead building out Risk Governance, which is comprised of:
Risk Register [Identifying Risks]
- Collaborate with other working groups to understand, define, and document all risks associated with Inverse’s business operations, contributors, and investments.
- Set a recurring cadence to apply the risk identification process for existing products and new business opportunities to identify new and emerging risks.
Risk Assessment Framework [Assessing/Evaluating Risks]
- Develop a risk assessment methodology based on best practices from peer DAO’s and protocols (Yearn, Rari, Beefy, DeFiSafety, etc) to assess individual risks and accordingly assign safety scores to collaterals, money markets, oracles, protocols and liquidity pools.
- Partner with Analytics Working Group (AWG) to build proprietary tools to report risk assessment results efficiently and accurately to other working groups.
Risk Prevention and Mitigation Strategies [Preventing/Mitigating Risks]
- Create a dashboard environment where the ‘health’ of all current DOLA Feds and Inverse Products is accessible 24/7; a necessary product to transition the management of DOLA Feds from Nour to a multisig-based AMO.
- Based on risk assessment results and an evaluation of current practices, formulate risk prevention and mitigation strategies consisting of policies, procedures, and/or controls to help prevent (where possible) and mitigate risks.
A critical component in achieving our goals is establishing internal partnerships within Inverse. The table below lays out how Growth, Treasury, Operations, Analytics and Risk groups might interact. Even if daily operations of these groups are decentralized, a certain level of coordination will be necessary to ensure Inverse-wide objectives are met.
|Collaboration||Scope of interaction (includes, but is not limited to)|
|RWG <> All Groups||Identify and define risks to build the risk register|
|RWG <> GWG||Score the various components of existing and prospective lines of business according to the risk assessment methodology to corroborate decision making|
|RWG <> TWG|
|RWG <> AWG||Create tools in the forms of queries, Dune dashboards, and eventually The Graph, to streamline reporting the various forms of risk undertaken by Inverse as it grows as a business|
|RWG <> OWG||Build policies, procedures, and/or controls to help prevent and mitigate risks|
As RWG directives are being developed, analytical tools devised to streamline the risk assessment framework can be repurposed to serve the Feds’ unique and innovative characteristics. In time, these will allow for automated mechanisms to manage interest rates via supply per our Fed contracts, as well as a more comprehensive monitoring process - integrating safety measures into the lending/borrowing properties via the Fed system.
Once established, the RWG will work towards gradually assuming management responsibilities for new and existing DOLA Feds in close collaboration with Nour Haridy. Through the use of a multisig-based AMO, the Fed management process will involve a team of core contributors and thus resolve one of the single points of failure that has most DAO members concerned. This process will take place in stages over the course of 2022 as the RWG and Risk Governance take shape. The specifics of the multisig (including number of members, approval threshold, whether Nour will have final word or be an equal voter) are outside the scope of this proposal.
Perform due diligence review process
- Continue performing due diligence work on a case-by-case basis.
- Collaborate with various working groups to identify existing risk-bearing lines of business that have lacked a risk-centric review and perform said review.
- Establish a communication chain with working groups to ensure Risk Governance is included in their operational workflows.
Form Risk Working Group
- Socialize and gather feedback on Risk Working Group proposal
- Post proposal to Forum and subsequently to for the DAO to vote upon
- Form the team (see below for additional details)
The importance of a robust risk management function within Inverse Finance is hard to overstate at this moment. From providing ongoing due diligence for new lending opportunities, risk assessment of new liquidity strategies, to managing an increasingly complex and disparate array of DOLA Fed lending facilities, a solid Risk Management team is essential to the success of Inverse going forward.
To scale Inverse from a risk standpoint ultimately requires a multi-person team that is available to act 24 hours per day, 7 days a week. In addition, redundancies are required to review the work of members of the risk team and decisions with regard to the DOLA Fed, etc.
With this in mind, we propose the RWG be composed of at least one full-time contributor, hired on as a Risk Manager, and a part-time contributor at launch. Myself (Edo), and Karm, a trusted DAO member, are nominating ourselves for the Risk Manager and Risk Contributor positions. Depending on the growth prospects of the business in the next ninety (90) days, an assessment of the team’s progress should occur which may warrant the onboarding of additional full time contributors. In the interim, the DAO should make efforts towards hiring a Head of Risk.
Below are job descriptions for the aforementioned job positions -
Head of Risk
The Head of Risk position will have the following responsibilities in addition to those laid out in the Risk Manager job description:
Assume the role of the subject matter expert (SME) and provide a guiding vision for the RWG
Build relationships with heads of other working groups and strategize the management of their risks through incorporation of Risk Governance in their operational workflows
Enact a thorough, disciplined, and repeatable message to other working groups on RWG needs and findings
Provide thought leadership to Inverse Finance and the broader DeFi community through articles, threads, speaking engagements, and various forms of media
Oversee and guide the Risk Manager in carrying out their responsibilities
A Risk Manager will have the following responsibilities:
- Build and add to an archive containing risks the business is currently exposed to
- Enact an initial screening process for any new business opportunity brought forward by business decision makers
- Devise assessment methodologies to quantify and qualify business decisions
- Create and use analytical software designed to improve efficiency and accuracy of calculating risks
Prevent and Mitigate Risks
- Prepare risk assessment write-ups to complement business proposals
- Monitor the health of ongoing business activities and report findings periodically
- Make strategic recommendations to prevent and reduce risk
In summary, the role of a Risk Manager will be to identify, assess, prevent, mitigate, and report on risks pertaining to existing and new lines of business. Managers will also advise on recovery actions for the DAO in the event of an exploit, breach, and/or loss of confidence.
Risk Contributor (Part-Time)
Areas of focus for a part-time contributors include (but not limited to):
- Due diligence research with security assessments
- Monitoring the DOLA and INV ecosystems/exposures
- Attend weekly working group sync-ups to report on progress and present findings
- Work with other working groups to understand risks at inverse finance including governance and policy risks
All RWG contributors will be responsible for creating, monitoring, and updating the Risk Governance framework. To perform such duties, they will need extensive industry knowledge, as well as a thorough understanding of the various working environments (e.g. Etherscan), and the ability to read smart contracts. A commitment to stay up-to-date with the latest advancements in the space is required. Previous experience in TradFi or DeFi risk management is preferred.
The following table summarizes the budget spend for the RWG for an initial ninety (90) day period. Table figures are in $DOLA.
On March 1st, the author of this proposal was appointed by the DAO in a part-time capacity. Their contributions to the DAO thus far can be accessed following this link: Notion – The all-in-one workspace for your notes, tasks, wikis, and databases.
Since their start, they devised a due diligence process in order to assist with the growing volume of partnership opportunities in the GWG pipeline - many of which required seeding a liquidity pool with DOLA and/or enacting a new DOLA Fed. They drafted preliminary security assessments, inspired by published work from the Yearn Finance, Rari Capital, and Beefy Finance, and the DeFi Safety teams, in which they scrutinized major key elements of deployed DeFi products to produce an overarching safety rating used to complement business proposals. They also collaborated with the AWG to produce a v1 Dune dashboard titled “Inverse Risk Management” which automates the safety score calculations for assets.
- DAO member since March 2021
- Moderator since August 2021
- Contributor in GWG since January 2022
- Admin since February 2022
- Contributor in CWG March 2022
- Recent contributions to Risk assisting in research and broad risk analysis of internal policy, governance, partnerships, assets
- Complete understanding of the Inverse Finance DAO infrastructure, can easily identify internal points of weakness
- Knowledgeable of DEFI ecosystem, closely monitor partners and competitors
- Proficient in inspecting AMM’s and liquidity
- Discord Oversight, Trusted DAO member
- Other Involvements: Partnerships @ NIL DAO; Mod @ Station zero-x
Please direct your feedback here or to an appropriate Discord channel.