Compound unanimously passes proposal to repair bug

Published at: Oct. 7, 2021

Compound Finance announced the passing of Proposal 064 on Thursday, titled the "Fix COMP Accrual Bug." The proposal states that this update will attempt to “patch the bug introduced in Proposal 62 and pessimistically allow COMP reward withdrawals until the bad COMP accruals can be fixed.”

The proposal, which was written primarily by the same community members who proposed the original upgrade, received unanimous COMP votes of 1,037,107 for and 0 against from 27 key addresses including CEO Robert Leshner, Andreessen Horowitz’s A16z, Gauntlet and Pantera Capital. The proposal is now expected to execute on Saturday.

Users who interacted with the six affected markets — cTUSD, cMKR, cSUSHI, cYFI, cAAVE, and cSAI — will not be able to claim rewards from their entitled staked COMP tokens until after the issue is fully resolved.

Proposal 064 passed, and can be executed in two days:1,037,107 COMP ✅0 COMP ⛔️For the majority of users, the COMP Distribution will return to normal after execution.Certain users (that hit the 62 bug) will be unable to claim COMP until after a future patch.

— Compound Labs (@compoundfinance) October 7, 2021

This last Friday, Cointelegraph reported that a token distribution bug within the community-written Proposal 062 exposed a potentially devastating financial distribution flaw in which users of the protocol were mistakenly able to claim COMP tokens to the sum of $70 million.

If exploited to the fullest, the bug would threaten to drain all COMP tokens held within the Comptroller contract, leaving only those left in the Reservoir contract.

Attempts to rectify the crisis were immediately instigated through Proposal 063, which took seven days to reach production due to the protocol’s governance procedure of reviewing, voting and time lock. This lasted two, three and a further two days, respectively.

However, the seven-day delay enabled a malicious entity to exploit the drip() functionality, transferring $68.8m from the reservoir to the Comptroller, which increases the pool for incorrectly distributed COMP rewards. 

The website's governance reveals the reason for a further proposal iteration:

“Proposal 63 prevents further COMP from being distributed until the correct logic is restored but causes issues for protocols that integrated with Compound and required the claim functionality.”

Proposal 064 is expected to resolve Compound's accrual issues, but the lost funds can only be reclaimed on a individual basis — a decision the protocol said is down to each user's moral discretion. 

Tags
Blockchain
Defi
Smart Contracts
Finance
Related Posts
Gelato raises $11M from heavyweight backers for Web 3.0 automation
Smart contract automation network Gelato has become the latest to receive big backing from crypto venture capital giants. Gelato has raised $11 million in a Series A funding round led by Dragonfly Capital and with participation from ParaFi Capital, Nascent, IDEO CoLab Ventures and Aave founder Stani Kulechov. The funds were raised through a closed-door token sale and will go toward onboarding more blockchains to the network and increasing its staff from the current team of 15. Gelato automates Ethereum smart contract operations by using what it calls “arbitrary logic” and bots. Its most prominent use case is addressing liquidity …
Blockchain / Oct. 8, 2021
How a decentralized identity platform could transform driving forever
An open-source blockchain specializing in digital identity and data has held a live ask-me-anything session with Cointelegraph. Erick Pinos, Ontology’s Americas ecosystem lead, said the company is constantly making upgrades to its protocol — meaning big improvements have been made since it was initially released in 2017. “Our virtual machine can handle a lot more complex transactions at the same time — and a lot more complexity in what developers can build,” Pinos noted. “We’ve always been making improvements to the core protocol, but we’re also focused a lot on smart contracts and tools that are built on top of …
Blockchain / Sept. 7, 2020
Crypto banks are going to swallow fiat banks in 3 years — or even less
Within a few years, a younger generation of financial services customers are going to be able to walk into a bank and gain access to credit products, savings accounts and investments that can host both crypto and fiat assets. In fact, the inroads that will allow for all of this to happen are already breaking ground. You probably already know that Kraken, a cryptocurrency exchange based out of San Francisco, is now the first-ever cryptocurrency business in the United States to become a bank. For now, being an officially chartered bank means that Kraken will be able to offer more …
Technology / Oct. 10, 2020
IOV Labs Ushers in Bitcoin-Based Mobile DeFi
IOV Labs, a startup that constructs financial solutions based on Bitcoin's blockchain, has introduced another layer of scaling. "IOV Labs announced the launch of its Light Client for the Lumino Payments Network, a third-layer Bitcoin scaling solution," said a statement provided to Cointelegraph, which added: Lumino Payments Network enables off-chain payment capabilities for any current or future ERC20-compliant token deployed on the RSK and RIF blockchain networks." Bitcoin-based decentralized finance Ethereum made a name for itself as a smart contract-enabled network primed for project building. Thanks to a sidechain solution called Rootstock (RSK), however, projects can work with smart contracts …
Blockchain / May 13, 2020
Mark Cuban issues burn notice on offensive ENS domain
Someone sent Mark Cuban a profane Ethereum Name Service domain a few days ago. After observant Twitter users recently tracked down his ether address, it was only a matter of time before a wave of unwanted spam transactions made their way into his account. This is, after all, the internet. Here there be monsters. While it isn’t entirely clear what the presumed troll’s endgame was, the word was nonetheless offensive enough to raise some eyebrows at Cointelegraph, and we don’t intend to reprint it here. Suffice to say, a decent person would not want to be known as the owner …
Technology / Feb. 3, 2021