DeFi

Losses of up to 490,000 COMP estimated, due to bug in Compound Finance upgrade

Published

on

Source: Pixabay

The recent bug-incident related to the Compound Finance upgrade resulted in a loss of over $80 million worth of COMP. In this regard, Compound Labs founder Robert Leshner had earlier said that the total COMP at risk was about 280,000 tokens at worst. But, he has updated on Twitter that the risk was in fact to the tune of 490,000 COMP tokens.

The above risk is said to be a repercussion of the Proposal 062 execution on the DeFi platform. Leshner explained that the community developers were hopeful that another set of upgrades, namely Proposal 63 or 64, would be applied before the weakness was spotted. However, the reservoir smart contract is “dripping 0.50 COMP/block into the protocol.”

As part of the 490,000 tokens at risk, 136,000 are still in the Comptroller while 117,000 were returned to the community, according

to the founder. Leshner had gone on Twitter after the initial breach asking the users to return the “unfairly large quantity of COMP.”

Until then, Compound assured the users,

“No supplied/borrowed funds are at risk.”

Meanwhile, Leshner is hopeful that the upcoming governance upgrade will fix the distribution bug in the COMP protocol. But, it didn’t look like an immediate solution. In an official announcement, the DeFi platform stated,

“All proposals are subject to a 3 day voting period, and any address with voting power can vote for or against the proposal.”

After the proposal receives at least 400,000 votes, it takes another two days to be implemented with the Timelock. On 30 September, Compound Labs had notified

that the community members proposed to disable Proposal 063 until the bug was fixed. As per this, Timelock is expected to apply the protocol change by October 7.

Mudit Gupta, a core developer at DeFi exchange SushiSwap tweeted,

“This is why timelocks on everything are not always the best option.”

More COMP tokens under risk?

As the community rushed against time, another core developer had found addresses that could exploit the bug to drain the money from the Comptroller. He estimated that a quarter of the $68.8m funds are at risk.

However, Gupta estimated that the entire transferred amount was at risk of immediate loss by bad actors. As we discussed the extent of loss, COMP had already lost around 7% of the total value locked (TVL) in the past week.