Compound Contract Bug Keeps Infesting Before Fix Can be Implemented

Total
0
Shares

Decentralized finance ( DeFi) protocol Compounded Finance ran into more problems over the weekend when nearly USD 65m of COMP was dripped in the contract that was plagued by a bug.

According to Etherscan on October 3, COMP202,472.5 in USD 64.67m value was transferred from Compound Reservoir contract into protocol

This means that newly infused funds could also be exploited. Yesterday, an address showed a transfer in the amount of 4.8 million, and another in the range of USD 12m.

This ability to add funds the compromised contract was known but kept secret.

yearn.finance Core contributor ‘banteg claimed that “this was known since a few days now but there is no mitigation so the plan was keep it quiet and hope nobody discovers for a week.”

Compound Lab’s October 2 Tweet revealed a new proposition that “patches” the bug introduced by the proposal that caused it and “resumes COMP distribution for most users.” This seems to be the intention of the protocol team. They wanted people not to use the ability until the two other proposals that were following the faulty one are implemented on October 7.

Robert Leshner

In response, Robert Leshner (Founder of Compound Labs) stated the Reservoir contract holds the bulk of the COMP reserved for users and that it drips 0.50 Comp/block into this protocol. “Nobody called the function for weeks and community developers were optimistic that Proposal 64 or 63 (in governance) would be in effect before it was called.”

The founder explained that the “drip function” was invoked on Sunday morning by someone calling for it. It sent the entire backlog (or two months) of COMP 202.472.5 to the protocol for distribution.

C. COMP 117,000 (USD37.28m), has been returned to the time of this post. However, total COMP 490,000. (156.12m), were reported as being vulnerable.

You May Also Like