Risk Working Group - Season 1 Proposal

  1. Summary

Proposal for Inverse Finance DAO to cover operations of the Risk Working Group (RWG) in Season 1, running from October 1st, 2023 to March 31st, 2024.

  2. RWG @ Inverse Finance

The RWG is responsible for identifying, assessing, and mitigating risks to the Inverse Finance protocol and its users. The RWG supports all functions of Inverse Finance, including DOLA expansion, focusing on providing sound risk analysis, risk management, and risk monitoring for existing products and aiding the efforts of the Treasury Working Group (TWG), Growth Working Group (GWG), Analytics Working Group (AWG), and Sec Ops. The tools and processes the RWG use to manage risks, and the protocols in place to respond to risk events are summarised in the RWG Gitbook, accessible here.

Compared to traditional finance, significantly more risks are present in DeFi for individual users and protocols: malicious actors, esoteric smart contract risks, unknown correlations between tokens and projects, short track records, unproven and experimental economic theories, anon teams/devs, and the irreversibility of transactions to name just a few. This makes installing a security framework in the everyday workflows of our core DAO contributors arguably RWG’s most important directive. This is especially important in the current environment, where the rapid growth of DeFi has attracted bad actors who have exploited vulnerabilities in our past systems and in those of our peers. We believe we are well poised to innovate risk management practices for our own community members and the wider DeFi ecosystem.

The importance of a robust risk management function within Inverse Finance is hard to overstate. The RWG will remain open to new ideas and continually search for improved, research-backed methods of analysing, managing, and addressing risks. In time, the RWG will become an asset, and will ensure that value-add to the DAO is accompanied with an elevated and on-going degree of risk awareness.

2.1 WG Goals

The RWG has several key directives that it aims to work towards during Season 1. These align with the S1 North Star Objectives and Success Levers, demonstrating the WG’s contribution to Inverse Finance’s overarching objectives. The goals of the RWG include:

  • Enhancing the risk management framework of Inverse Finance: The RWG will focus on strengthening the risk management practices within the protocol. This involves developing comprehensive frameworks, methodologies, and tools to identify, assess, and mitigate risks effectively.
  • Identifying and assessing potential risks to the protocol: The RWG will actively monitor and analyze potential risks that could impact the security, stability, or functionality of the protocol. By identifying and assessing these risks, the RWG can proactively address vulnerabilities and strengthen the protocol’s defenses.
  • Developing risk mitigation strategies: Based on the identified risks, the RWG will develop and implement risk mitigation strategies. These strategies may include control mechanisms, safeguards, or procedural changes to reduce the likelihood or impact of risks on the protocol.
  • Ensuring the safety and security of users’ funds: A primary goal of the RWG is to prioritize the safety and security of users’ funds within the Inverse Finance ecosystem. The WG will implement measures to protect users’ assets and minimize the potential for financial losses due to security incidents or vulnerabilities.
  • Monitoring and managing operational risks: The RWG will actively monitor and manage operational risks within Inverse Finance. This involves assessing risks associated with operational processes, third-party integrations, or any other factors that may introduce vulnerabilities or disrupt the protocol’s smooth functioning.
  • Collaborating with other working groups: The RWG recognizes the importance of cross-functional collaboration. It aims to work closely with other working groups within Inverse Finance to address risks that span multiple areas. This collaboration ensures a holistic and coordinated approach to risk management across the protocol.

By focusing on these goals, the RWG aims to enhance the risk management practices, strengthen the security of the protocol, and ensure a safe and secure environment for users within Inverse Finance.

2.2 Responsibilities

The RWG will undertake the following ongoing responsibilities during Season 1:

Multisigs:

  • Assume the role of head-of-multisigs, ensuring, amongst other things, that safety and best practices are instilled in the daily practices of all signers.
  • Fulfill the duties of various multisigs. Primary roles and powers of all multisigs can be found here. Multisigs with RWG members include:
    • RWG - The RWG itself has a multisig composed of 3 signers and requires a quorum of 1 in order to take swift measures preventing or limiting loss. It’s imperative that the RWG are among first responders to any critical threats to the DAO.
    • TWG - which sets out to optimise the Inverse treasury and manages liquidity operations on 6 chains and growing.
    • AWG - Handle analytics costs (The Graph etc).
    • Fed Chair - which manages and implements Fed policies
    • Policy Committee - which handles the reward rate policies and has a BondsManager role.
    • Bug Bounty Program - which handles rewards for bug bounties.

RWG:

  • Conduct new and regularly update past risk assessments of existing and proposed markets on FiRM

  • Weigh in on all governance proposals, reviewing actions and policy changes, and providing an on-chain proof-of-review.

  • Author risk-centric content for the Inverse blog and social media accounts

  • Maintain an updated library through Gitbook of past and present RWG directives and contributions, and a Linear Dashboard that provides clear insight of day-to-day tasks to other working group members.

  • Utilise and evolve the various risk assessment frameworks: The RWG has previously created several frameworks that systematically identify, evaluate, and prioritise risks associated with the protocol. During Season 1, we intend to make full use of these and improve them as our industry knowledge and subject matter expertise grows.

SecOps:

  • Drive security-related cooperation between working groups and between third party auditors/security consultants and the DAO, mediating a close working relationship between individuals and between organisations.
  • Manage the bug bounty program, spearhead any changes to it, and maintain an ongoing working relationship with our host platform.

Cross Working Group Collabs:

  • Review and provide feedback on proposed smart contract changes from a risk perspective

  • Conduct periodic reviews of operational processes and procedures: The RWG will regularly review and assess the operational processes and procedures within Inverse Finance. This will help identify areas where improvements can be made to enhance risk management practices, streamline operations, and ensure compliance with best practices and industry standards.

  • … And more

Members of the RWG will be responsible for specific tasks within these responsibilities, with named individuals assigned to each task.

2.3 Projects

The RWG will undertake the following one-off projects during Season 1:

  • Refine our in-house asset scoring model to promote stability and security within Inverse Finance’s FiRM by ensuring collaterals are added with meticulous deliberation and known risks.
  • Implement additional security measures: The RWG will explore and implement additional security measures to enhance the overall security posture of the protocol. This may involve strengthening our existing bug bounty program on Hats Finance to incentivize community participation in identifying vulnerabilities, enhancing Inverse.Watch, our advanced monitoring and threat detection systems, etc. Details on the completion of specific projects which strengthen security measures will be published on the forum periodically.
  • Engage third-party audits and security reviews of smart contracts: The RWG will bring forward and collaborate with external security auditors via our SecOps arm. This will help identify any vulnerabilities or weaknesses as our PWG deploys new contracts and ensure the integrity and safety of the code.
  • Enhance incident response and recovery procedures: The RWG will review and improve the existing incident response and recovery procedures. This includes establishing clear escalation paths, defining roles and responsibilities during incidents, and implementing robust incident management processes to minimise the impact of security breaches or operational disruptions.

2.4 Success Metrics

To measure the success of the RWG, the following key metrics will be tracked:

  • Number of identified risks and their severity: This metric quantifies the RWG’s ability to effectively identify and assess risks. It provides insights into the overall risk landscape of the protocol and helps prioritize mitigation efforts.
  • Number and severity of security incidents: This metric tracks the occurrence and severity of security incidents, such as hacking attempts, exploits, or unauthorized access. It helps measure the effectiveness of the RWG’s efforts in preventing and mitigating security breaches.
  • Timeliness of incident response and recovery: This metric measures the RWG’s ability to respond promptly to security incidents and efficiently recover from them. It evaluates the effectiveness of incident management processes and the speed at which vulnerabilities are addressed.
  • Adoption and implementation of recommended security measures: This metric assesses the adoption and implementation of security measures recommended by the RWG. It indicates the level of alignment between proposed security enhancements and the actions voted in by the DAO.

2.5 Decision making power

The RWG is requesting the following delegated decision-making powers from the INV token holders:

  • Authority to propose and implement risk mitigation policies: The RWG seeks the ability to propose and implement off-chain risk mitigation strategies and protocols without requiring individual approval for each policy.
  • Ability to recommend on-chain changes to the protocol based on risk assessments: The RWG aims to have the authority to recommend changes to the protocol based on risk assessments. This allows the RWG to suggest modifications to smart contracts, operational processes, or other protocol components to address identified risks effectively.
  • Decision-making leadership in incident response and recovery procedures: The RWG requests decision-making authority during incident response and recovery processes. This enables the RWG to make timely and informed decisions to mitigate security incidents and ensure a swift recovery. This is especially the case with incident response, where a clear point of accountability can ensure effective resolution of the issue.
  • Approval authority for proposed changes to operational processes and procedures which fall within the domain of risk or which have potential risk implications.

Granting these decision-making powers to the RWG allows them to effectively manage risks, respond to security incidents, and contribute to the overall security and stability of Inverse Finance.

  3. Budget

In Season 1 Contributors agreed to move to a standard compensation banding system. You can view the full compensation bands here.

3.1 Contributors

Contributors will be active within RWG, to be paid as follows.

| Name | FTE | Band | Pro-rata Monthly Salary | Total for Season 1 |
| --- | --- | --- | --- | --- |
| Edo | 1.0 | B | 12,000 | 72,000 |
| Karm | 0.50 | B | 6,000 | 36,000 |

Edo [Working Group Lead]

Edo, with a robust DeFi background, has been heading the RWG at Inverse Finance DAO since April 2022. His multifaceted role extends beyond risk management, encompassing SecOps leadership and strategizing DOLA adoption. He pioneered the Risk Working Group, fostering risk awareness and best practices across all working groups and DAO functions. Prior to his time at Inverse, Edo’s leadership drove a hedge fund’s success. He has extensive start-up experience, and has successfully restructured operations for a luxury travel brand, drastically cutting costs and doubling annual revenue through innovative frameworks and strategic decisions. His entrepreneurial spirit shines through founding ventures and his interests in DAO Governance. Outside of work, Edo holds interests in travel, tennis, and culinary arts.

Karm

Karm is a DeFi enthusiast with over two years of active involvement in Inverse Finance. He has taken on a wide range of crucial responsibilities, including risk management within the Risk Working Group, participation in essential Multisigs like the Treasury Working Group, and contributing to business development and growth strategies. Additionally, he plays a pivotal role in community engagement as the Discord server administrator and as a first responder during emergencies as a SecOps member and multisig facilitator. Karm’s dedication and multifaceted contributions underscore his commitment to Inverse Finance’s mission and its growth in the DeFi landscape.

3.2 Ad hoc & tooling

| Details | Type | Requested $INV | Requested $DOLA |
| --- | --- | --- | --- |
| N/A | N/A | 0 | 0 |

3.3 Flexible Budget

RWG requests a flexible budget as follows to cover unforeseen expenditure that arises during the Season.

Additional flexible budget in $DOLA 0
Additional flexible budget in $INV 0

3.4 Summary

In summary RWG requested the following budget for the 6 months of Season 1.

| | S1 $DOLA allowance | S1 $INV allowance |
| --- | --- | --- |
| Contributors | 108,000 | 0 |
| Ad Hoc & Tooling | 0 | 0 |
| Flexible Budget | 0 | 0 |
| Total | 108,000 | 0 |

Hey this overall looks pretty good. The only thing I’d ask is to see the proposed spend within historical context, is this a steady state budget, a growth of the past budget, or a shrink of past budget?

To provide more context; RWG and SecOps spend has historically been the following:

| | RWG | SecOps | TOT |
| --- | --- | --- | --- |
| 2022 | 138,317 | 116,244 | 254,561 |
| Last 1 Year | 230,244 | 108,299 | 338,543 |
| Last 6 Months | 136,488 | 3,075 | 139,563 |
| Last 3 Months | 66,774 | 0 | 66,774 |
| YTD | 172,527 | 24,055 | 196,582 |
| TOT | 310,844 | 140,299 | 451,143 |

Per the latest payroll arrangements from February 2023, the contributors’ DOLA allowance for Season 1 (6 month period) is being reduced from 138k to 126k (~9% reduction). SecOps spend instead is increasing significantly. This is because we are budgeting for our most significant audit to date in anticipation for FiRMv2 launch, as well as expanding our bug bounty program to reflect the growth in TVL on FiRM.


Edited out the Ad Hoc Tooling budget from the Proposal as this was recently approved with the passing of Proposal 128 and thus is not required as an additional allowance here.

For posterity, that section read:

3.2 Ad hoc & tooling

| Details | Type | Requested $INV | Requested $DOLA |
| --- | --- | --- | --- |
| 3rd Party Audit(s) | SecOps | 0 | 65000 |
| Bug Bounty Program | SecOps | 0 | 25000 |

3rd Party Audit

At the discretion of the Product Working Group, we will engage the services of a renowned blockchain security firm for a comprehensive audit of FiRMv2. This collaboration is particularly strategic as it further diversifies our pool of reviewers, and their meticulous approach promises to lay a robust foundation for FiRM’s launch on new chains.

Bug Bounty Program

Funds will be used to increase the payout for our ongoing bug bounty program hosted on the Hats Finance platform. Our current vault size of 20,000 DOLA falls in the lower range of bounties on the platform. By offering higher rewards, we can attract more skilled security researchers to scrutinise our code, enhancing the overall security of our platform.

Reminder: All past and active DAO contributions of the RWG can be found in our Gitbook here!


Proposal Budget section was updated.