Audits
Inverse Finance has undergone multiple audits as part of our smart-contract review process. Our ongoing efforts to identify security-related bugs are made public in the spirit of transparency. These are briefly summarized below. Further information on risk prevention can be found in the RWG Gitbook.
sDOLA and the DOLA Savings Account (DSA) were audited in January 2024 by yAudit, a budding collective of auditors recruited from yAcademy (Yearn Finance’s auditing program). The scope of the review consisted of the DolaSavings.sol, sDola.sol, and sDolaHelper.sol contracts. The audit, spanning three days, uncovered a range of findings from high to low impact, alongside gas-saving and informational insights. Critical vulnerabilities, such as the susceptibility of the sDola vault to inflation attacks and the potential manipulation of sDola in lending-borrowing markets, were promptly addressed. Lower-impact issues, focusing on aspects like checks and function optimizations, were also noted for improvement.
FiRM's second security audit was conducted in April 2023. The experts at Nomoi, a boutique Web3 hacker collective with roots in OpenZeppelin and Consensys, spent over a week reviewing our FiRM repository, with the objective of providing an independent assessment of our smart contracts’ security, code quality, and overall functionality. Since the Code4rena contest, 4 additional markets had been added to FiRM, some requiring non-standard oracle implementations. This engagement was made possible by our friends at Convex Finance, who graciously offered to connect us with Nomoi in preparation for the forthcoming launch of the cvxCRV market on FiRM. The report can be found here.
Inverse hosted a 5-day open bug bounty contest, which ran from October 25 to 30, 2022, on the Code4rena platform to conduct a comprehensive audit of our new fixed-rate lending protocol, FiRM. The contest saw $50,000 in rewards up for grabs and 198 white-hat researchers taking part, the highest recorded participation ever at the time. The final report can be found here. Several qualified security projects and firms had been vetted by our RWG, and the vibrant community at Code4rena stood out to the team as both highly skilled and genuine. We see immense value in this form of auditing and look forward to a future partnership between Inverse and Code4rena.
The RWG onboarded boutique auditing firm DefiMoon during Q3 and Q4 2022 as security partners, with the intent of having their team complement internal QA and testing and bolster our security infrastructure. After a period of research and introductions to several qualified auditing firms, DefiMoon stood out as a talented and genuine team eager to take on the challenge. During this time they performed an informal audit of the FiRM contracts prior to the Code4rena bug bounty contest. The pre-launch audit can be found here. DefiMoon also provided security consulting and auditing for the Convex Fed, Aura Fed, and Velo Fed contracts. Their expertise helped us identify and address potential risks and improve the safety and security of these deployments. We’re grateful for their support.
An audit of the bad debt repayment products and a new INV oracle solution was performed by Peckshield in Q2 2022. Their report can be found here.