Refer a fren and earn rewards!

Yes, take me there!

Logo

-

Expanding the Bug Bounty Program and SecOps at Inverse Finance for a Secure Future

Executed
#128 - mills ERA

Created Aug 28th, 2023 - Executed Sep 3rd, 2023

Details

avatar

Edo

Form Link: https://forum.inverse.finance/t/expanding-the-bug-bounty-program-and-secops-at-inverse-finance-for-a-secure-future/222

Summary

This proposal seeks to allocate a specific budget to strengthen Inverse Finance's security measures by dividing the funds between two functions: engaging the services of Zellic for a comprehensive audit of FiRM in preparation for v2 and deployment on OP AND increasing payouts for the ongoing bug bounty program. This focused approach will help ensure the robustness of FiRM as we instill greater confidence in our user base and the wider DeFi community.

Background

Inverse Finance continues to make progress in strengthening its security measures and was recently praised for doing so by the DeFiSafety team. As a result of proposal #58 titled “Proposal to authorize allowance for formal audits”, we have successfully engaged reputable auditing firms and bug bounty platforms that have helped us identify and address potential vulnerabilities in FiRM and our Fed contracts during our contract review stage (and thus prior to launch). With the impending launch of new features as part of our FiRMv2 Roadmap and our expansion into Optimism, as well as the ever-evolving DeFi landscape, it's crucial to remain vigilant and continue investing in security to ensure the long-term success and growth of our platform.

Proposal

In light of this, The Risk Working Group proposes a specific budget allocation for two key security functions: A new audit of FiRM and enhancing the existing bug bounty program. The breakdown of funds is as follows:

  1. Onboarding Zellic (67,000 DOLA): At the discretion of the Product Working Group, we will engage the services of renown Blockchain Security firm Zellic for a comprehensive audit of FiRMv2. This engagement will last approximately three engineer work weeks and be handled a team of 2 auditors, an engagement manager (a former auditor), and overseen by Zellic's CTO. The collaboration with Zellic is particularly strategic as it further diversified our pool of reviewers, and their meticulous approach promises to lay a robust foundation for our launch on Optimism.

  2. Increasing Bug Bounty Program Payout (23,000 DOLA): The remaining funds will be used to increase the payout for our ongoing bug bounty program hosted on the Hats Finance platform. Our current vault size of 20,000 DOLA falls in the lower range of bounties on the platform. By offering higher rewards, we can attract more skilled security researchers to scrutinize our code, enhancing the overall security of our platform. This addition will bring our vault to hold over 43,000 DOLA.

The BBP multisig, composed of members from the Risk, Product, Treasury, and Growth Working Groups, will continue to manage the funding and disburse rewards to our partners. We intend this budget to cover the next six months, during which we anticipate launching new products and expanding our ecosystem. Any additional allowance requests will require a DAO vote.

On-Chain Actions

  • Set Bug Bounty Program's DOLA Allowance to 90,000

Actions

Action 1
«
Set Bug Bounty Program's

DOLA

Allowance to

90,000

»
DOLA
.approve(
Bug Bounty Program,

90000000000000000000000

)

Proof of Reviews

Members allowed to make Drafts can sign the fact that they reviewed the Draft Proposal

Loading...

For Votes

1 voters

33.91k votes

avatar

0x759a...f430

33.91k

Against Votes

0 voters

0.00 votes

Subscribe to Our Newsletter

Join thousands of subscribers in receiving weekly updates about Inverse products, partnerships, and early-bird news shared only with subscribers!

Products

sDOLADOLAsINVINVFiRM

Social