On June 16th, Inverse Finance’s lending market, Frontier, was exploited by an Oracle Manipulation that led to a net DOLA loss of $5.83M DOLA, please read our blog post for more detail.
In order to reduce the risk of any further protocol losses at the time, the RWG paused DOLA borrowing via the RWG Multisig. Since the incident, the security processes at Inverse Finance have been scrutinized and are being overhauled to ensure there is thorough review of all collateral options and oracles before being added to Frontier. The DAO has been in talks with several security firms and is in the last stages of working out a deal with a company to initially onboard them with a retainer based model, where we pay them for a set amount of hours per week (details subject to change) and send them code to audit and evaluate on an ongoing basis. This will allow us to evaluate their work on an on-going basis, and see if we want to continue with a larger engagement and a full audit.
This proposal aims to reopen Frontier and DOLA borrowing for core assets that have price oracles that the team is confident can not be manipulated in ways that put protocol funds at risk. At this stage, these would be all assets that rely on a chainlink oracle for their price feed. All other collateral options will be disabled for use as collateral and disabled for minting until they have passed a rigorous review. This aligns with our updated security procedure for limited activation of collateral assets.
Collaterals that are going to be enabled for borrowing against:
ETH V2 - Chainlink oracle
WBTC V2 - Chainlink oracle
YFI V2 - Chainlink oracle
stETH - Chainlink oracle
DOLA - Custom oracle hard coded to $1
As these collaterals currently are enabled as collateral and have minting enabled, no on-chain actions are required except for enabling DOLA borrowing.
The following collaterals will have minting and collateral use paused:
INV - Custom oracle with price ceiling
INV/DOLA SLP - Uses both the INV and DOLA oracles
These paused collaterals may be individually re-enabled at later dates after rigorous review, in their own proposal.