Risk Working Group - Season 3 Proposal

Authors: Edo
Reviewers: Karm

1. Summary

The Risk Working Group (RWG) of Inverse Finance has successfully completed two seasons of proactive risk management, framework development, and security enhancements. Building upon the solid foundation established in Seasons 1 and 2, the RWG proposes to continue its mission in Season 3. This proposal outlines the objectives, projects, success metrics, and budget required for the RWG to operate effectively over the next six months, from November 1, 2024, to April 30, 2025.

2. RWG @ Inverse Finance

The RWG is integral to Inverse Finance DAO, responsible for identifying, assessing, and mitigating risks to the protocol and its users. It supports all existing and future functions of Inverse Finance, providing sound risk analysis, risk management, and risk monitoring for all DAO products. Collaborating closely with other groups such as the Product, Analytics, Growth, and Treasury working groups, the RWG pursues shared security goals and promotes safe practices among DAO members.

Compared to traditional finance, significantly more risks are present in DeFi for individual users and protocols: malicious actors, esoteric smart contract risks, unknown correlations between tokens and projects, short track records, unproven and experimental economic theories, anon teams/devs, and the irreversibility of transactions to name just a few. Inverse Finance faces unique challenges as a lending protocol operator and a stablecoin issuer. The presence of DOLA bad debt necessitates meticulous attention and a zero-tolerance policy for errors, demanding constant vigilance throughout the year. Therefore, a robust risk management function within Inverse Finance is indispensable for protecting the DAO and its users.

The RWG is well-positioned to build upon established risk management practices, ensuring that any value added to the DAO is accompanied by a heightened and ongoing awareness of risk. As a reminder, we compile all directives and accomplishments in the Risk Working Group Digest, our dedicated website that serves as a comprehensive archive of our work.

2.0. Season 2 Recap

For a comprehensive recap of our Season 2, including goals, projects and success metrics be sure to review our latest forum post titled: “Behind the Scenes: Season 2 Recap”.

2.1. WG Goals

During Season 3 like in Season 2, the RWG intends to build upon several key directives defined during Season 1. These align with the DAO’s “North Star” objectives laid out before the start of Season 1, demonstrating our WG’s contribution to Inverse Finance’s overarching objectives. Season 3 RWG goals include:

1. Enhance Existing Frameworks - We aim to complete the transition of all existing risk management frameworks from Google Sheets to a more advanced platform equipped with real-time updates. This modernization will significantly improve data accuracy, efficiency, and collaborative capabilities. By integrating APIs and automating data feeds, we can make timely adjustments to risk parameters based on market conditions, enhancing our ability to proactively manage risks.
2. Develop New Frameworks - To address emerging risks and challenges in managing Inverse’s suite of products, we may develop new risk management frameworks. We recognize the value of collaboration and learning from the broader DeFi risk management community. By leveraging communications and materials made publicly available by other risk teams we aim to adapt and tailor these insights to our specific use cases and products.
3. Conduct Comprehensive Risk Assessments - Regularly assessing existing and prospective FiRM markets is crucial for maintaining the protocol’s safety. We will continue to perform thorough risk assessments for all new proposed markets and periodically reassess existing markets to account for changes in market dynamics, ensuring that our risk evaluations remain current and comprehensive.
4. Drive Security-Related Cooperation - Strengthening our security posture requires collaboration both within the DAO and with external partners. We will carry out our vision for Security Operations at Inverse Finance by continuing to build out the “four lines of defense” approach, which includes preventive measures, real-time monitoring, incident response, and recovery strategies.
5. Facilitate Governance Participation - Increasing engagement in DAO governance is essential for transparency and community involvement. We will actively participate in governance forums by providing regular updates and encouraging discussions. Our goal is to foster an engaged community that actively contributes to the protocol’s success, thereby improving the health of DAO governance.
6. Maintain an Updated Library of Directives - Maintaining comprehensive and accessible documentation is crucial for transparency and continuity. We will keep the Risk Working Group Digest updated with all directives, frameworks, assessments, and reports. By ensuring our work is archived and easily navigable, we facilitate knowledge sharing and provide a valuable resource for DeFi.

2.2 Responsibilities

The RWG will be responsible for:

• Monitoring: Utilizing tools like the Risk Observer Checklist and further developing our alerting system on Inverse Watch to continuously monitor risks across the protocol.
• Policy Recommendations: Recommending policies for FiRM markets, DOLA health, and more, based on the application of our in-house frameworks.
• Auditing Oversight: Serve as the authority in determining what components are audit-worthy and specify the type and scope of audits required based on potential impact and funds at risk.
• Security Operations Vision: Carrying out our vision for Security Operations at Inverse Finance, implementing the “four lines of defense” approach.
• Multisig Duties: Fulfilling our duties as signers on various DAO multisigs, including the RWG multisig, TWG multisig on various chains, Policy multisig, and Fed Chair. Our participation ensures that actions requiring multisig approval are executed securely and in alignment with risk management practices (see recent Radiant and Tapioca exploits).
• Governance Proposals: Drafting and guiding risk-related and product-focused proposals through the governance process.
• DAO Governance Health: Monitoring and promoting the health of DAO governance by encouraging participation, facilitating discussions, and ensuring transparency in decision-making processes.
• Documentation Maintenance: Maintaining up-to-date records of all directives, frameworks, assessments, and reports.

2.3 Projects

Due to the dynamic nature of our jobs and the ongoing responsibilities of the RWG, new projects and initiatives often emerge throughout the season; some are scrapped while others evolve or reach a natural conclusion earlier than anticipated. As such, it’s challenging to list every project we will undertake during Season 3. However, we have identified several key initiatives that align with our goals and will form the core of our efforts. These projects include:

1. Participate in FiRM v2 Design Process - Given our experience within the DAO, our input is valuable in the design process of FiRM v2. We will actively participate in its development, providing insights on risk management, security considerations, and best practices to ensure the next iteration of FiRM is robust and secure.
2. Implement Liquidator Grant Program - Building on the proposal, we will oversee the implementation of this program, which aims to incentivize and onboard proficient liquidators to our platform thereby enhancing the efficiency and reliability of the liquidation process. Our responsibilities will include coordinating with grant recipients, monitoring their activity, and ensuring they adhere to the protocol’s standards and guidelines.
3. Strengthen Risk Monitoring and Alerts - We plan to further develop our risk monitoring systems as new needs emerge, enhancing our ability to respond promptly to potential risks. Specialized alerts will be custom-tailored to the unique characteristics of the assets we monitor. These will range from basic alerts—such as tracking liquidity pool events for assets with lower on-chain liquidity —to generalized oracle variance alerts for all collaterals, and specific price feed alerts for our more exotic markets.
4. Adopt SafeHarbor Framework - Through collaboration with the Security Alliance, we plan to adopt this framework to enhance our bug bounty program by enabling proactive defense measures against active exploits. Safe Harbor grants whitehats and MEV rescuers legal protection when intervening during an active exploit attempt to the protocol. In doing so, we aim to empower security experts and create a stronger safety net for Inverse.
5. Review Operational Processes - To ensure our operations align with industry best practices, we will conduct a comprehensive review of our operational processes. This includes conducting a fire drill in accordance with the frameworks laid out by the Security Alliance.
6. Author Risk-Centric Content - Education is a vital component of risk management. We will resume the “Behind the Scenes” series, committing to publish posts that delve into our methodologies, frameworks, and insights.

2.4 Success Metrics

To measure the success of the RWG, the following key metrics will be tracked, and reported on at the end of the Season 3 period:

• Framework Modernization Completion: Successful transition of all existing frameworks away from Google Sheets to an advanced platform equipped with real-time updates.

• “Four Lines of Defense” Adoption: Have active and/or completed initiatives for all four lines of defense; in accordance with our SecOps vision.

• Risk Assessments Conducted: Completion of risk assessments for all new proposed markets and periodic reassessment of existing ones.

• Incident Response Improvement: Conduct a “SEAL War Games” either in collaboration with the Security Alliance team or by own accord.

• Governance Participation: Increased engagement measured by the number of forum posts, and community interactions.

• Content Production: Publication of at least one “Behind the Scenes” post per month or other risk-authored educational materials.

• Bug Bounty Program Engagement: Increase in submissions from non-novice (a rating provided by ImmuneFi) whitehats.

2.5 Decision making power

The RWG is requesting the DAO to continue to grant us the following delegated decision-making powers throughout our Season 3 engagement:

• Enacting the role of the RWG Guardian: The RWG will act within its rights to bring collateral markets on FiRM to an immediate pause if any one of three multisig signers believe a critical threat to the DAO is imminent.
• Proposing and implementing risk mitigation policies: The RWG seeks the ability to propose and implement off-chain risk mitigation strategies and protocols without requiring individual approval for each policy.
• Championing auditing requirements: The RWG requests the authority to determine internal auditing needs, acting as the deciding voice on what is audit-worthy and the necessary form of auditing. Decisions will be based on criteria such as impact and funds at risk, ensuring that critical components receive appropriate scrutiny.
• Recommending on-chain changes to the protocol based on risk assessments: The RWG aims to recommend changes to the protocol based on risk assessments. This allows the RWG to suggest modifications to smart contracts, operational processes, or other protocol components to address identified risks effectively.
• Leading incident response and recovery procedures: The RWG requests decision-making authority during incident response and recovery processes. This enables the RWG to make timely and informed decisions to mitigate security incidents and ensure a swift recovery. This is especially pertinent to incident response where a clear point of accountability can ensure effective resolution of the issue.

3. Budget

3.1 Contributors

No contributor compensation changes are requested within the RWG.

Edo [WGL]

Edo, with a robust DeFi background, has been contributing to the RWG at Inverse Finance DAO since April 2022. His multifaceted role extends beyond risk management, encompassing SecOps leadership and strategizing DOLA adoption. He pioneered the RWG, fostering risk awareness and best practices across all working groups and DAO functions. Prior to his time at Inverse, Edo’s leadership drove a hedge fund’s success. He has extensive start-up experience, and has successfully restructured operations for a luxury travel brand through adopting frameworks and spearheading strategic decisions. His entrepreneurial spirit shines through founding ventures and his interests in DAO Governance. Outside of work, Edo holds interests in travel, tennis, running, and culinary arts.

Karm

Karm is a DeFi enthusiast with over two years of active involvement in Inverse Finance. He has taken on a wide range of crucial responsibilities, including risk management within the RWG, participation in essential Multisigs like the Treasury Working Group, and contributing to business development and growth strategies. Additionally, he plays a pivotal role in community engagement as the Discord server administrator and as a first responder during emergencies as a SecOps member and multisig facilitator. Karm’s dedication and multifaceted contributions underscore his commitment to Inverse Finance’s mission and its growth in DeFi.

3.2 Ad hoc & Tooling

It’s important to note that, unlike in Seasons 1 and 2, starting in Season 3, budget requests pertaining to SecOps will be made separately from the RWG’s budget. This separation allows for more focused resource allocation and clearer financial planning for both the RWG and SecOps initiatives.

3.3 Flexible Budget

RWG requests a flexible budget as follows to cover unforeseen expenditure that arises during the Season.

3.4 Summary

In summary RWG requested the following budget for the 6 months of Season 2.

We believe this budget accurately reflects the resources needed to achieve our goals and deliver value to the Inverse Finance ecosystem in Season 3.