Source: Adobe /сергей Шиманович
The decentralized finance (DeFi) protocol Compound Finance ran into more problems over the weekend: on Sunday, COMP worth almost USD 65m dripped into the contract affected by a bug.
According to Etherscan, COMP 202,472.5 was transferred from the Compound Reservoir contract to the protocol on October 3.
This means that the freshly infused funds are also in danger of being exploited. Yesterday, one address showed a transfer of about 4.8M and another a transfer of almost USD 12m.
It turns out that this ability to add money to the compromised contract was known, but, apparently, it was decided to keep it secret.
YFI core contributor ‘banteg’ claimed that “this has been known for a few days, but there is no possible mitigation, so the plan was to stay silent and hope that no one discovers it for a week.”
The October 2 tweet from Compound Labs announced a new proposal that “fixes the bug introduced by the proposal that caused it” and “resumes the COMP distribution for the majority of users.” It seems that the team behind the protocol was hoping that no one would use this ability before the two proposals that followed the erroneous one were implemented on October 7.
In response, Robert Leshner, founder of Compound Labs, said that the Reservoir contract keeps the majority of COMP reserved for users and drips 0.50 COMP/block into the protocol. “No one had called the feature for weeks, and community developers were hoping that Proposition 63 or 64 (in governance) could go into effect before it was called.”
So what happened, according to the founder, is that someone who called this “drip function” on Sunday morning sent the entire backlog of COMP 202,472.5, or about two months of COMP since the last call, into the protocol for distribution to users.
While c. COMP 117,000 had been returned by the time of the post, a total of some COMP 490,000 was reported as vulnerable.
This brings the total vulnerable COMP to about 490k, of which 136k is still in the comptroller and 117k has been returned to the community so far (THANKS 🙏 ).
- Robert Leshner (@rleshner) October 3, 2021
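The backlog behaviour described above can be reproduced with a small model. This is an added example, not Compound's contract code: the accounting (rate times elapsed blocks, minus what was already sent, capped by the balance) is an assumed simplification, and the start block, balance and alert limit are constructed values. It shows why a fixed-rate drip that nobody calls for weeks releases its whole backlog in one call, and how a defender can track that exposure beforehand.

```python
from dataclasses import dataclass
from decimal import Decimal

DRIP_RATE = Decimal("0.50")  # COMP per block, the rate quoted in the article


@dataclass
class Reservoir:
    """Simplified model of a fixed-rate drip contract (assumed accounting)."""
    balance: Decimal               # tokens still held by the reservoir
    start_block: int               # block at which dripping began
    dripped: Decimal = Decimal(0)  # total already sent to the target

    def pending(self, block: int) -> Decimal:
        """Backlog that the next drip() call would release at `block`."""
        owed = DRIP_RATE * (block - self.start_block) - self.dripped
        return max(Decimal(0), min(owed, self.balance))

    def drip(self, block: int) -> Decimal:
        """Callable by anyone: moves the whole backlog to the target at once."""
        amount = self.pending(block)
        self.balance -= amount
        self.dripped += amount
        return amount


def blocks_for_backlog(backlog: Decimal) -> int:
    """Number of blocks without a call needed to accumulate `backlog`."""
    return int(backlog / DRIP_RATE)


def exposure_alert(res: Reservoir, block: int, limit: Decimal) -> bool:
    """Defender's check: flag when one call could release more than `limit`."""
    return res.pending(block) > limit


if __name__ == "__main__":
    # Constructed values: start block, balance and limit are illustrative only.
    res = Reservoir(balance=Decimal("1000000"), start_block=1_000_000)
    gap = blocks_for_backlog(Decimal("202472.5"))  # backlog figure from the article
    now = res.start_block + gap
    print("blocks without a call:", gap)
    print("alert before call:", exposure_alert(res, now, Decimal("50000")))
    print("released by one call:", res.drip(now))
    print("pending right after:", res.pending(now))
```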
As reported, Compound Finance adopted and executed a proposal last week, but soon found that, due to a bug in a smart contract, users could claim millions of COMP rewards, with some USD 82m affected at the time.
A few days later, Leshner tweeted what was largely perceived as a threat to dox those who did not return the claimed COMP, as well as a bad move on his part, which he followed with an apology after receiving strong backlash.