Inverse Finance

FiRM Security


FiRM is a new protocol and although thoroughly tested and audited, there always is risk inherent in smart-contracts due to Ethereum’s simultaneous execution environment. Inverse Finance is a decentralized, open-source protocol, and is not affiliated with any central authority or organization. Inverse Finance’s products are provided "as is" and without any warranties or guarantees of any kind. Inverse Finance does not endorse or recommend any particular use or implementation of its products, and is not responsible for any losses or damages that may result from their usage. Users of FiRM are to follow any local laws applicable when using FiRM and users are solely responsible for their own actions, and Inverse Finance will not be liable for any damages or losses that may result from the use of FiRM. By using FiRM, users acknowledge and agree to these terms and conditions.

Security Features

Personal Collateral Escrows - No Custody

FiRM and Inverse Finance does not custody any funds from FiRM users. All user funds are held in Personal Collateral Escrow contracts controlled by the user and are isolated both by individual user and by token type. This means that FiRM takes a step beyond shared pools of user collateral, commonly found in protocols like Compound Finance or Aave. The PCE’s are highly flexible which allows for individual collateral factors and borrowing limits per token and per position.
While no lending protocol is completely immune to hacks, PCE’s were designed to enable multiple new layers of security. First, by isolating deposits in such a granular fashion compared to cross-collateral pools, PCE’s no longer offer intruders a single pool of assets to target but rather many, smaller targets. Second, with a PCE a depositor’s collateral cannot be loaned. As the only borrowable asset in Inverse Finance’s implementation of PCE’s is DOLA and since borrowable DOLA is capped per collateral asset, the potential impact of a price oracle manipulation incident is reduced to an undue liquidation.

Pessimistic Oracle

A newly designed Pessimistic Price Oracle (PPO) uses the lower of either the current collateral price on Chainlink or the 48-hour low price as observed by the PPO, divided by the collateral factor. For example, if the current Chainlink price is $1,500 and the 48-hour low was $1,000 and the collateral factor is 80%, the PPO returns $1,250.
This approach further discourages potential oracle price manipulation attacks by preventing users from borrowing against more than the lowest recorded value of their collateral over the prior two days. It is likely that this approach will also encourage healthier borrowing and fewer liquidations.

Daily Borrow Limits

A daily borrow limit sets a ceiling on the total amount of DOLA available for loans on any given day in each market. A daily borrow limit helps Inverse reduce its risk exposure on a per-market basis and in the future will allow for the support of more high-risk collateral assets. This limit is adjusted regularly by the Inverse risk team as the system matures.

DAO Measures

Governance Control

All parameters are controlled either directly by Inverse Finance DAO governance (xINV voting) or limited agency is delegated to the Risk Working Group, the Treasury Working Group, or guardians, all of which utilize multi-signature wallets. This form of governance is designed to be transparent, decentralized, and inclusive, and is intended to give our token holders a direct say in the direction of the DAO, whilst simultaneously maximizing DAO output. We believe that this governance model is the best way to ensure that the interests of our token holders are aligned with the success of the DAO, and that we can continue to remain relevant in a rapidly growing industry where laggards are left behind.

Alerting System

The Analytics working group has created a sophisticated in-house alerting system which warns members in relevant working groups of on-chain events such as significant price and liquidity movements. These alerts allow us to quickly identify and respond to potential security threats, and to take appropriate action to protect our users' assets. The custom alerting system is an important part of our overall security strategy, and helps us to maintain the integrity and security of our products.

Opsec Drills

The signers of various governor and other critical multi-signature wallets are spread across the globe and we have global 24/7 coverage. Inverse finance conducts unannounced security drills to continuously improve our security posture. These fire drills involve simulating various security scenarios, such as a hack or a technical issue, and then measuring how quickly our team is able to respond to the situation. This helps us to identify any weaknesses in our response protocols, and to make improvements to ensure that we can respond quickly and effectively in the event of a real security threat. By regularly conducting security operations fire drills, we can ensure that our team is prepared to handle any security challenges that may arise, and that our users' assets are protected at all times.


As part of our renewed smart-contract review process, Inverse Finance hosted a bug bounty contest on the Code4rena platform to conduct a comprehensive audit of our fixed rate lending protocol, FiRM. The audit was designed to identify any vulnerabilities or weaknesses in the protocol, and to provide recommendations for improvements. The contest saw the highest participation ever, with 198 white-hat researchers providing invaluable feedback to our developers. FiRM contracts were also reviewed by boutique auditing firm DefiMoon.
Inverse has also recently expanded its bug bounty program by launching a vault on the platform. An open hacking market that scales with the success of FiRM and significantly rewards successful hackers is an integral part to our renewed smart contract review process. We are committed to maintaining the highest security standards, and will continue to work with third-party audit firms to ensure the safety and security of our products.

Guarded Launch

FiRM will have a guarded launch in order to ensure the stability and security of the protocol. During the initial launch phase, FiRM will have supply and borrow limits in place, as well as limited collateral options.
The supply and borrow limits are designed to prevent malicious actors from performing notorious bank run exploits. By limiting the amount of liquidity that users can provide and borrow, FiRM can help to ensure that the protocol remains stable and secure, and that users' assets are protected. In addition to the supply and borrow limits, FiRM will initially have limited collateral options. These will be selected carefully and deployed over a period of time. This is intended to eliminate the risk of users collateralizing assets that are highly volatile or subject to oracle exploits for example, and to help ensure that the collateralization ratios remain stable and within acceptable limits.