~$50M Token Bug Suffered by Compound Finance

After passing Proposal 62, a recent governance vote that addressed rewards distribution, Comp (COMP) appears to have suffered a token distribution bug. Compound’s Twitter account reported shortly afterwards that COMP distribution had followed an unusual pattern after the vote, but that no funds had been borrowed or supplied.

The only funds jeopardised by the bug rest within the Comptroller contract, which means that there is a total cap of 280,000 COMP tokens at risk. At the time of publishing, this still equates to over $80M worth of USD, a very hefty number, with one transaction reportedly worth nearly $30M alone.

Let’s Get Movin’

With governance often comes the lack of immediate action. As Compound Finance CEO and Founder Robert Leshner noted in a tweet discussing the events at hand, “there are no admin controls or community tools to disable the COMP distribution; any changes to the protocol require a 7-day governance process.”

The Compound team quickly rolled out the initial governance process with Proposal 63 up for review, which temporarily disables COMP distribution rewards while the team and community address the fix for the protocol.

Leshner adds that while Proposal 63 is up for review, “a patch to restart the distribution is in development.” While this gives the team time to address the issue, Proposal 63 does note that all ~280,000 tokens will be at risk.

While the recent Compound bug showed immediate price impact, buyers quickly came back to market and the COMP token has still shown long-term resiliency. | Source: COMP-USD on TradingView.com

Take 10%

Leshner has since gone on Twitter asking recipients of mistakenly distributed COMP to return it, with the tweet below:

If you received a large, incorrect amount of COMP from the Compound protocol error:

Please return it to the Compound Timelock (0x6d903f6003cca6255D85CcA4D3B5E5146dC33925). Keep 10% as a white-hat.

Otherwise, it’s being reported as income to the IRS, and most of you are doxxed.

— Robert Leshner (@rleshner) October 1, 2021

He took a bit of heat for the tweet, and followed up by stating that it was a “bone-headed tweet / approach” and that his intentions lie in “trying to do anything I can do to help the community get some of its COMP back.”

Smart contract specialist Kurt Barry noted just how costly small errors in code can be for blockchain projects:

Smart contracts are unforgiving of the tiniest errors…COMP bug is a tragic case of “>” instead of “>=” (in two code locations). Two characters, tens of millions of value lost.

— Kurt Barry (@Kurt_M_Barry) September 30, 2021

Truly a tough set of circumstances for the Compound Finance community; however, many have shown approval of Leshner’s response.

The move is not the first mishap in the rapidly growing world of DeFi. Last month, the Poly Network suffered a hack that cost over $600M USD. In a bit of a bizarre set of circumstances, the Poly hacker returned most of the stolen crypto back to the network. And in the last week, cross-chain DeFi protocol pNetwork lost over $12M USD in tokenized Bitcoin to attackers.
