Identifying security-related bugs in a collaborative, friendly manner with white-hat researchers highlights Inverse’s commitment to both security and transparency. Emphasizing our commitment to mitigating risk at this stage of our development is of paramount importance. Inverse Finance has undergone multiple audits in recent months as part of a newly enacted smart-contract review process. These are briefly summarized below. Further information on risk prevention can be found in the RWG Gitbook.
We are also pleased to report that Inverse Finance's DeFiSafety score has increased by 58 points to 87 since the last Process Quality Review was conducted in 2021.
Inverse Finance has undergone multiple audits as part of our smart-contract review process. Our ongoing efforts to identify security-related bugs are made public in the spirit of transparency. These are briefly summarized below:
FiRM's second security audit was conducted in April 2023. The experts at Nomoi, a boutique Web3 hacker collective with roots in OpenZeppelin and ConsenSys, spent over a week reviewing our FiRM repository, with the objective of providing an independent assessment of our smart contracts’ security, code quality, and overall functionality. Since the Code4rena contest, 4 additional markets had been added to FiRM, some requiring non-standard oracle implementations. This engagement was made possible by our friends at Convex Finance, who graciously offered to connect us with Nomoi in preparation for the forthcoming launch of the cvxCRV market on FiRM. The report can be found here.
Inverse hosted a 5-day open bug bounty contest, which ran from October 25 to 30, 2022, on the Code4rena platform to conduct a comprehensive audit of our new fixed-rate lending protocol, FiRM. The contest saw $50,000 in rewards up for grabs and 198 white-hat researchers taking part, the highest recorded participation ever at the time. The final report can be found here. Several qualified security projects and firms had been vetted by our RWG, and the vibrant community at Code4rena stood out to the team as both highly skilled and genuine. We see immense value in this form of auditing and look forward to a future partnership between Inverse and Code4rena.
The RWG onboarded boutique auditing firm DefiMoon during Q3 and Q4 2022 as security partners, with the intent of having their team complement internal QA and testing and bolster our security infrastructure. After a period of research and introductions to several qualified auditing firms, DefiMoon stood out as a talented and genuine team eager to take on the challenge. During this time they performed an informal audit of FiRM contracts prior to the Code4rena bug bounty contest. The pre-launch audit can be found here. DefiMoon also provided security consulting and auditing for the Convex Fed, Aura Fed, and Velo Fed contracts. Their expertise helped us identify and address potential risks and improve the safety and security of these deployments. We’re grateful for their support.