Defi Platform Compound Bug Allows Users to Claim $88 Million in Tokens
Compound, one of the trademark defi protocols on the Ethereum blockchain, is experiencing a bug that allows users to reclaim unusually high amounts of its native token. The issue was caused by the implementation of a proposal that modified the contract that awards tokens to users. Compound Labs founder Robert Leshner declared that user funds were safe and that the bug would have to wait seven days to be patched due to platform policies.
Compound Hit With Distribution Bug
Compound, one of the leading decentralized finance platforms built on top of Ethereum, is experiencing a bug that allows users to claim more comp, the native token of the protocol, than what they normally are able to. The bug was a product of the application of governance proposal 062, which modified the relation in which comp tokens are awarded.
According to Robert Leshner, founder of Compound Labs, this was the result of the code for the proposal being written by a community member, aided by other community members in the process. About this, Leshner stated:
This is the greatest opportunity, and greatest risk for a decentralized protocol–that an open development process allows a bug to enter production.
The impact of the bug is limited to the comp available in the comptroller’s smart contract, which is approximately 280,000 comp, worth $88 million at the time of writing.
Lack of Quick Fix Leads to Frustration
Due to the governance processes and the policies of applying governance changes to the platform, there is no quick and easy fix to this problem. Each governance proposal requires at least seven days to be passed, approved, and applied. However, proposal 063, presented by some community members, disables the ability to claim comp until the bug is resolved.
Leshner tried to warn community members that, if the majority of the claimed comp was not returned, he would report it to the IRS as income, revealing their identities in the process. This caused almost universal uproar from Compound users, who questioned how decentralized the protocol really was.
Lesher ultimately backpedaled on this affirmation, declaring:
I’m trying to do anything I can to help the community get some of its COMP back, and this was a bone-headed tweet / approach. That’s on me.
Compound is tailoring its offer to entice institutions to use its services. The company announced the launch of a service called Treasury in June, designed to offer stable yield opportunities to institutions in the space.
What do you think about Compound’s bug and its governance policies? Tell us in the comments section below.