Compound Bug Puts 490k COMP at Risk to Become the Largest Fund Loss in a Smart Contract Incident


Compound Bug Puts 490k COMP at Risk to Become the Largest Fund Loss in a Smart Contract Incident

  • AnTyAnTy

The whole COMP in danger has now elevated to about 490k COMP tokens, amounting to over $155 million on the present value of $317.71.

This newest surge within the affected tokens is because of one other $68.8 million of COMP being despatched to the Comptroller. Last week, this up to date Comptroller Contract containing a bug had resulted in erroneously sending tens of millions of {dollars} to some customers.

At the time, Robert Leshner, founding father of Compound Labs, had stated that the mistaken claims may very well be at worst 280k COMP tokens.

Now, this determine, in keeping with Leshner, has additional elevated to 490k after Banteg, the core developer of DeFi protocol Yearn Finance (YFI) — which has greater than $5 billion in whole worth locked (TVL) — tweeted “The best-kept secret in DeFi is out,” on Sunday.

“Someone known as drip() on Compound’s Reservoir, which despatched one other $68.8m of COMP to Comptroller,” added Banteg, noting about 1/4 of that would already be drained. The quantity was later discovered to be even greater.

“The bug tallies to $147m, making it formally the biggest fund loss in a sensible contract incident.”

I was one of many largest proponents of upgradable good contracts.

However, over time, I’ve come to see upgradablity as extra of a bug than a characteristic.

It’s nonetheless good in some situations however in all probability not nice for giant primitives like Compound, Aave, Uni, Sushi, Maker and so on.

— Mudit Gupta (@Mudit__Gupta) October 3, 2021

Leshner then took to Twitter to acknowledge the state of affairs, noting that within the Reservoir contract, nearly all of the COMP tokens are reserved for customers and drips 0.50 COMP per block into the protocol.

“Nobody had known as the operate in weeks, and group builders had been hopeful that Proposal 63 or 64 (in governance) might go into impact earlier than it was known as.”

Mudit Gupta, a developer at DEX SushiSwap, famous that because of this “timelocks on every part aren’t all the time the most suitable choice,” as a result of although folks learn about this challenge, nobody might do something about it as a result of timelock.

Out of the entire 490k COMP in danger, 136k remains to be within the Comptroller, and 117k has been returned to the group thus far, Leshner shared.

“Going ahead, I’m optimistic concerning the patches making their method by the governance course of, which repair the distribution, and the group members which might be working to handle this bug.”

Anyone who returns COMP to the group is an alien giga-chad; and if a squad of alien giga-chads ever summon me, I’ll seem

— Robert Leshner (@rleshner) October 1, 2021

Leshner thanked those that had returned the COMP and stated that the protocol had created portraits for them to acknowledge their deeds.

Last week, as we reported, Leshner had threatened the customers that he would report those that didn’t return the funds to the IRS. But later backtracked the assertion as he obtained criticism and realized his mistake in doing so.

“I’m sorry, and I hope you possibly can forgive me. It was a really very dumb tweet,” he stated in response to at least one consumer speaking about Leshner’s unique tweet making him wanna go away the Compound platform.


AnTy has been concerned within the crypto area full-time for over two years now. Before her blockchain beginnings, she labored with the NGO, Doctor Without Borders as a fundraiser and since then exploring, studying, and creating for various trade segments.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button