Identifying security-related bugs in a collaborative/friendly manner with white hat researchers highlights Inverse’s commitment to both security and transparency. Emphasizing our commitment to mitigating risk at this stage of our development is of paramount importance. Inverse Finance has undergone multiple audits in recent months as part of a newly enacted smart-contract review process. These are briefly summarized below. Further information or risk prevention can be found in the RWG Gitbook.
We're proud to report that Inverse Finance's DeFiSafety score has increased by a staggering 58 points to 87 since the last Process Quality Review was conducted in 2021. This achievement is a testament to the hard work and dedication of the Risk Working Group, Analytics Working Group, and developers working to ensure the safety of the DAO.
Inverse hosted a 5-day open bug bounty contest, which ran between October 25-30, 2022, on the Code4rena platform to conduct a comprehensive audit of our new fixed-rate lending protocol, FiRM. The contest saw $50,000 in rewards up for grabs and 198 white-hat researchers taking part, the highest recorded participation ever at the time. The final report can be found here. Several qualified security projects and firms had been vetted by our RWG, and the vibrant community at Code4rena stood out to the team as both highly skilled and genuine. We see immense value in this form of auditing and look forward to a future partnership between Inverse and Code4rena.
Nomoi is a boutique Web3 hacker collective with roots in Open Zeppelin and Consensys. Their mission is to provide comprehensive security audits and services to DeFi protocols and blockchain projects, working as a tight-knit team of experienced security researchers and engineers. Their contributions have helped secure billions of dollars of digital assets. While they might not be as well-known as some larger security firms, their talent is undeniable. They audited FiRM without finding any significant vulnerabilities and we are proud to have received positive feedback from them.
The RWG onboarded boutique auditing firm DefiMoon during Q3 and Q4 2022 as security partners, with the intent of having their team complement internal QA and testing and bolster our security infrastructure. After a period of research and introductions into several qualified auditing firms, DeFi Moon stood out as a talented and genuine team eager to take on the challenge. During this time they performed an informal audit of FiRM contracts prior to the Code4Rena bug bounty contest. Pre-launch audit can be found here. DefiMoon also provided security consulting and auditing for the Convex Fed, Aura Fed, and Velo Fed contracts. Their expertise helped us identify and address potential risks and improve the safety and security of these deployments. We’re grateful for their support.
An audit of the bad debt repayment products and a new INV oracle solution was performed by Peckshield in Q2 2022. Their report can be found here.