Proposal for Inverse Finance DAO to cover operations of the Risk Working Group (RWG) in Season 1, running from October 1st, 2023 to March 31st, 2024.
The RWG is responsible for identifying, assessing, and mitigating risks to the Inverse Finance protocol and its users. The RWG supports all functions of Inverse Finance, including DOLA expansion, focusing on providing sound risk analysis, risk management, and risk monitoring for existing products and aiding the efforts of the Treasury Working Group (TWG), Growth Working Group (GWG), Analytics Working Group (AWG), and Sec Ops. The tools and processes the RWG use to manage risks, and the protocols in place to respond to risk events are summarised in the RWG Gitbook, accessible here.
Compared to traditional finance, significantly more risks are present in DeFi for individual users and protocols: malicious actors, esoteric smart contract risks, unknown correlations between tokens and projects, short track records, unproven and experimental economic theories, anon teams/devs, and the irreversibility of transactions to name just a few. This makes installing a security framework in the everyday workflows of our core DAO contributors arguably RWG’s most important directive. This is especially important in the current environment, where the rapid growth of DeFi has attracted bad actors who have exploited vulnerabilities in our past systems and in those of our peers. We believe we are well poised to innovate risk management practices for our own community members and the wider DeFi ecosystem.
The importance of a robust risk management function within Inverse Finance is hard to overstate. The RWG will remain open to new ideas and continually search for improved, research-backed methods of analysing, managing, and addressing risks. In time, the RWG will become an asset, and will ensure that value-add to the DAO is accompanied with an elevated and on-going degree of risk awareness.
2.1 WG Goals
The RWG has several key directives that it aims to work towards during Season 1. These align with the S1 North Star Objectives and Success Levers, demonstrating the WG’s contribution to Inverse Finance’s overarching objectives. The goals of the RWG include:
- Enhancing the risk management framework of Inverse Finance: The RWG will focus on strengthening the risk management practices within the protocol. This involves developing comprehensive frameworks, methodologies, and tools to identify, assess, and mitigate risks effectively.
- Identifying and assessing potential risks to the protocol: The RWG will actively monitor and analyze potential risks that could impact the security, stability, or functionality of the protocol. By identifying and assessing these risks, the RWG can proactively address vulnerabilities and strengthen the protocol’s defenses.
- Developing risk mitigation strategies: Based on the identified risks, the RWG will develop and implement risk mitigation strategies. These strategies may include control mechanisms, safeguards, or procedural changes to reduce the likelihood or impact of risks on the protocol.
- Ensuring the safety and security of users’ funds: A primary goal of the RWG is to prioritize the safety and security of users’ funds within the Inverse Finance ecosystem. The WG will implement measures to protect users’ assets and minimize the potential for financial losses due to security incidents or vulnerabilities.
- Monitoring and managing operational risks: The RWG will actively monitor and manage operational risks within Inverse Finance. This involves assessing risks associated with operational processes, third-party integrations, or any other factors that may introduce vulnerabilities or disrupt the protocol’s smooth functioning.
- Collaborating with other working groups: The RWG recognizes the importance of cross-functional collaboration. It aims to work closely with other working groups within Inverse Finance to address risks that span multiple areas. This collaboration ensures a holistic and coordinated approach to risk management across the protocol.
By focusing on these goals, the RWG aims to enhance the risk management practices, strengthen the security of the protocol, and ensure a safe and secure environment for users within Inverse Finance.
The RWG will undertake the following ongoing responsibilities during Season 1:
- Assume the role of head-of-multisigs, ensuring, amongst other things, that safety and best practices are instilled in the daily practices of all signers.
- Fullfill the duties of various multsigs. Primary roles and powers of all multisigs can be found here. Multisigs with RWG members include:
- RWG - The RWG itself has a multisig composed of 3 signers and requires a quorum of 1 in order to take swift measures preventing or limiting loss. It’s imperative that the RWG are among first responders to any critical threats to the DAO.
- TWG - which sets out to optimise the Inverse treasury and manages liquidity operations on 6 chains and growing.
- AWG - Handle analytics costs (The Graph etc).
- Fed Chair - which manages and implements Fed policies
- Policy Committee - which handles the reward rate policies and has a BondsManager role.
- Bug Bounty Program - which handles rewards for bug bounties.
Conduct new and regularly update past risk assessments existing and proposed markets on FiRM
Weigh in on all governance proposals, reviewing actions and policy changes, and providing an on-chain proof-of-review.
Author risk-centric content for the Inverse blog and social media accounts
Maintain an updated library through Gitbook of past and present RWG directives and contributions, and a Linear Dashboard that provides clear insight of day-to-day tasks to other working group members.
Utilise and evolve the various risk assessment framework: The RWG has previously created several frameworks that systematically identify, evaluate, and prioritise risks associated with the protocol. During season 1, we intend to make full use of these and improve them as our industry knowledge and subject matter expertise grows.
- Drive security-related cooperation between working groups and between third party auditors/security consultants and the DAO, mediating a close working relationship between individuals and between organisations.
- Manage the bug bounty program, spearhead any changes to it, and maintain an ongoing working relationship with our host platform.
Cross Working Group Collabs:
Review and provide feedback on proposed smart contract changes from a risk perspective
Conduct periodic reviews of operational processes and procedures: The RWG will regularly review and assess the operational processes and procedures within Inverse Finance. This will help identify areas where improvements can be made to enhance risk management practices, streamline operations, and ensure compliance with best practices and industry standards.
… And more
Members of the RWG will be responsible for specific tasks within these responsibilities, with named individuals assigned to each task.
The RWG will undertake the following one-off projects during Season 1:
- Refine our in-house asset scoring model to promote stability and security within Inverse Finance’s FiRM by ensuring collaterals are added with meticulous deliberation and known risks.
- Implement additional security measures: The RWG will explore and implement additional security measures to enhance the overall security posture of the protocol. This may involve strengthening our existing bug bounty program on Hats Finance to incentivize community participation in identifying vulnerabilities, enhancing Inverse.Watch, our advanced monitoring and threat detection systems, etc. Details on the completion of specific projects which strengthen security measures will be published on the forum periodically.
- Engage third-party audits and security reviews of smart contracts: The RWG will bring forward and collaborate with external security auditors via our SecOps arm. This will help identify any vulnerabilities or weaknesses as our PWG deploys new contracts and ensure the integrity and safety of the code.
- Enhance incident response and recovery procedures: The RWG will review and improve the existing incident response and recovery procedures. This includes establishing clear escalation paths, defining roles and responsibilities during incidents, and implementing robust incident management processes to minimise the impact of security breaches or operational disruptions.
2.4 Success Metrics
To measure the success of the RWG, the following key metrics will be tracked:
- Number of identified risks and their severity: This metric quantifies the RWG’s ability to effectively identify and assess risks. It provides insights into the overall risk landscape of the protocol and helps prioritize mitigation efforts.
- Number and severity of security incidents: This metric tracks the occurrence and severity of security incidents, such as hacking attempts, exploits, or unauthorized access. It helps measure the effectiveness of the RWG’s efforts in preventing and mitigating security breaches.
- Timeliness of incident response and recovery: This metric measures the RWG’s ability to respond promptly to security incidents and efficiently recover from them. It evaluates the effectiveness of incident management processes and the speed at which vulnerabilities are addressed.
- Adoption and implementation of recommended security measures: This metric assesses the adoption and implementation of security measures recommended by the RWG. It indicates the level of alignment between proposed security enhancements and the actions voted in by the DAO.
2.5 Decision making power
The RWG is requesting the following delegated decision-making powers from the INV token holders:
- Authority to propose and implement risk mitigation policies: The RWG seeks the ability to propose and implement off-chain risk mitigation strategies and protocols without requiring individual approval for each policy.
- Ability to recommend on-chain changes to the protocol based on risk assessments: The RWG aims to have the authority to recommend changes to the protocol based on risk assessments. This allows the RWG to suggest modifications to smart contracts, operational processes, or other protocol components to address identified risks effectively.
- Decision-making leadership in incident response and recovery procedures: The RWG requests decision-making authority during incident response and recovery processes. This enables the RWG to make timely and informed decisions to mitigate security incidents and ensure a swift recovery. This is especially with incident response where a clear point of accountability can ensure effective resolution of the issue.
- Approval authority for proposed changes to operational processes and procedures which fall within the domain of risk or which have potential risk implications.
Granting these decision-making powers to the RWG allows them to effectively manage risks, respond to security incidents, and contribute to the overall security and stability of Inverse Finance.
In Season 1 Contributors agreed to move to a standard compensation banding system. You can view the full compensation bands here.
Contributors will be active within RWG, to be paid as follows.
|Name||FTE||Band||Pro-rata Monthly Salary||Total for Season 1|
Edo [Working Group Lead]
Edo, with a robust DeFi background, has been heading the RWG at Inverse Finance DAO since April 2022. His multifaceted role extends beyond risk management, encompassing SecOps leadership and strategizing DOLA adoption. He pioneered the Risk Working Group, fostering risk awareness and best practices across all working groups and DAO functions. Prior to his time at Inverse, Edo’s leadership drove a hedge fund’s success. He has extensive start-up experience, and has successfully restructured operations for a luxury travel brand, drastically cutting costs and doubling annual revenue through innovative frameworks and strategic decisions. His entrepreneurial spirit shines through founding ventures and his interests in DAO Governance. Outside of work, Edo holds interests in travel, tennis, and culinary arts.
Karm is a DeFi enthusiast with over two years of active involvement in Inverse Finance. He has taken on a wide range of crucial responsibilities, including risk management within the Risk Working Group, participation in essential Multisigs like the Treasury Working Group, and contributing to business development and growth strategies. Additionally, he plays a pivotal role in community engagement as the Discord server administrator and as a first responder during emergencies as a SecOps member and multisig facilitator. Karm’s dedication and multifaceted contributions underscore his commitment to Inverse Finance’s mission and its growth in the DeFi landscape.
3.2 Ad hoc & tooling
|Details||Type||Requested $INV||Requested $DOLA|
3.3 Flexible Budget
RWG requests a flexible budget as follows to cover unforeseen expenditure that arises during the Season.
|Additional flexible budget in $DOLA||0|
|Additional flexible budget in $INV||0|
In summary RWG requested the following budget for the 6 months of Season 1.
|S1 $DOLA allowance||S1 $INV allowance|
|Ad Hoc & Tooling||0||0|