As the crypto space evolves, various accompanying questions are raised that are increasingly spreading from a purely technical nature to legality and ethics – with the latest episode revolving around millions of liquidity mining rewards in Compound Finance’s COMP Coin being wrongly paid out and claimed.
“QUESTION of the day,” said analysis firm DeFiPrime”claims [COMP] of [the] wiretapped smart contract is illegal or unethical?”
The answers range from both, neither, and “economically rational.” Many more, it seems, would not have minded if they had the chance to get some of this money. Others are waiting to see what the team itself will do about it and whether they will ask users to return the money. And there are opinions that people will take advantage of the mistake and let the contract expire as long as there is something to take.
More commentators argue that this cannot be considered theft, that those who exploited the exploit and sold the COMP they got should not be taxed or bullied, and that there is nothing wrong with what they did, with some adding: “Code is law.”
This comes after the team behind the Decentralized Finance (DeFi) protocol Compound Finance adopted and executed a proposal on Wednesday, but reported earlier today (UTC time, that “unusual activity related to the distribution of COMP was reported after execution.” They found that no borrowed / delivered funds are at risk.
However, a bug in a contract update incorrectly allowed some users to claim huge amounts of COMP. “Users don’t have to worry about their money; the only risk is that they (or another user) will get an unfairly large amount of COMP,” said Robert Leshner, founder of Compound Labs.
For example, one user claimed COMP and was not the only one to receive a significant amount of rewards for borrowing and delivering smaller amounts of coins such as Ethereum (ETH), USD Coin (USDC), DAI and BAT.
Over 240k COMP tokens (~$70m) have already been given away and another 40k (~$13m) will probably be given away soon. If you had tokens delivered before today, try your luck.
It will be interesting to see if Compound asks users to return the extra tokens (as Alchemix did)
— Mudit Gupta (@mudit__gupta) September 30, 2021
Leshner added that “the impact is limited; at worst, 280k COMP tOkens.” At 8:32 UTC, this is equivalent to over USD 82m. COMP trades at USD 294 and is down nearly 12% in one day and 15% in one week.
This error is “a tragic case of “>” instead of “>=” (at two code places). Two signs, tens of millions of worth loss,” said Kurt Barry, smart contract specialist at Fixed Point Solutions, adding that smart contracts “make the smallest mistakes unforgivable.”
Nevertheless, for Leshner, this incident is both the greatest opportunity and the greatest risk for a decentralized protocol”that an open development process allows an error to enter production.”
There are no admin controls or community tools to disable COMP DISTRIBUTION; any changes to the protocol will require a 7-day governance process to get into production.
Laboratories and members of the community evaluate possible steps to patch the COMP distribution.
— Robert Leshner (@rleshner) September 30, 2021
Further questions have been raised about time locks and the tradeoff that comes with them and completely permissionless systems, with Kain Warwick, founder of Synthetix (SNX) and Aelin Protocol, arguing that “one of the planned features for the new Synthetix Governance module is the ability for token holders to override these time locks with sufficient votes.”