Proposal to reallocate unspent SecOps funds to our Bug Bounty Program


Overview

At the start of Season 2, the RWG was granted a budget to further develop SecOps at Inverse Finance, shared below. The RWG continues to serve the DAO, solidifying its role in maintaining the security and operational integrity of Inverse Finance. The RWG has:

  • Continued to develop a robust risk framework that has guided our decision-making
  • Provided key input in the smart contract review process that has driven meaningful change
  • Approved and facilitated the onboarding of additional markets to FiRM, further expanding our offerings while not compromising on security
  • Monitored a growing list of live markets, DOLA health, and other DAO KPIs to drive policy changes that reflect real-time market conditions and risks
  • Maintained the bug bounty program to ensure it remains an effective tool for incentivizing responsible disclosure and mitigating risks before they escalate

Come October, we anticipate 20 live FiRM markets, a 45% increase from the start of Season 2 (or 60% when including the three unpaused CRV markets). Additionally, the scope of our bug bounty program has expanded by 25 contracts, reflecting a 40% increase.


Current Budget Allocations

| Budget Item | Department | Requested $INV | Requested $DOLA | Remaining Budget |
|---|---|---|---|---|
| 3rd Party Audit(s) | Sec Ops | 0 | 26,000 | 26,000 |
| Chainalysis Proactive CIR | Sec Ops | 0 | 30,000 | 30,000 |
| Bug Bounty Program | Sec Ops | 0 | 10,000 | 0 |

Total unspent budget: $56,000


Proposal

We propose reallocating the $30,000 originally assigned to the Chainalysis Proactive CIR program to increase the maximum bounty available in the ImmuneFi Bug Bounty program from $50,000 to $80,000. The remaining $26,000 from the unused 3rd Party Audit budget will be revoked with the execution of this proposal by resetting the sec-ops DOLA allowance to $30,000.


Justification

  • Increased Bug Bounty Scope: Over the last several months, the bug bounty program’s scope has expanded by 25 contracts (roughly a 40% increase). A corresponding increase in the maximum bounty will better align incentives with the scale and complexity of the contracts currently in scope.

  • Unused Chainalysis Proactive CIR Budget: The allocated $30,000 for Chainalysis Proactive CIR has not been utilized, providing an opportunity to redirect these funds to enhance the effectiveness of our bug bounty program. While we’ve maintained our relationship with the Chainalysis team and continue to explore an integration with their CIR program (now operated by ZeroShadow), we are of the opinion that reallocating the budget at this time will better serve our immediate objectives.


Conclusion

Reallocating the unspent $30,000 from the Chainalysis Proactive CIR budget towards increasing the ImmuneFi Bug Bounty program’s maximum bounty to $80,000 ensures the RWG makes the best use of available resources. This reallocation strengthens our security framework and aligns the expanding contract scope with our security needs.
