Compounding Bug on the Defi Platform Enables Users to Claim $88 Million in Tokens

Compound, one of the Ethereum blockchain’s hallmark defi protocols, is currently facing a flaw that enables users to reclaim unusually large quantities of its native coin. 

The issue was introduced as a result of the adoption of a proposal that altered the contract that governs the distribution of tokens to users. Robert Leshner, the founder of Compound Labs, stated that customer funds were secure and that the flaw would be addressed within seven days owing to platform policies.

Compound Is Affected By A Distribution Error

Compound, one of the most prominent decentralized finance systems built on Ethereum, is currently facing a flaw that allows users to claim more comp, the protocol’s native currency, than they typically may. The flaw was introduced as a result of the implementation of governance proposal 062, which altered the way comp tokens are granted.

According to Robert Leshner, creator of Compound Labs, this occurred as a result of a community member writing the proposal’s code with assistance from other community members. Leshner stated the following:

This is the greatest opportunity, and greatest risk for a decentralized protocol–that an open development process allows a bug to enter production.

The bug’s impact is confined to the comp accessible in the comptroller’s smart contract, which now stands at around 280,000 comps worth $88 million.

Frustration Resulted from the Absence of a Quick Fix

There is no quick and easy solution to this problem due to the governance processes and policies governing the application of governance changes to the platform. Each governance proposal must be passed, authorized, and implemented within at least seven days. However, suggestion 063, which was put up by several community members, limits the ability to claim compensation until the flaw is fixed.

Leshner attempted to warn community members that if the bulk of the claimed compensation was not returned, he would report it as income to the IRS, so disclosing their names. This sparked virtually universal outrage among Compound users, who questioned the protocol’s true decentralized nature. Lesher eventually retracted this affirmation, declaring:

I’m trying to do anything I can to help the community get some of its COMP back, and this was a bone-headed tweet / approach. That’s on me.

The compound is targeting its offering to institutions in order to attract them to use its services. In June, the business announced the debut of a new service called Treasury, which is intended to provide institutions in the industry with steady income options.

Also Read: Singapore Establishing Crypto Hub In Asia