{"id":347999,"date":"2021-10-04T06:04:49","date_gmt":"2021-10-04T03:04:49","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/compounding-problems-65m-more-comp-at-risk-as-devs-wait-for-time-locked-bug-fix\/"},"modified":"2021-10-04T06:04:49","modified_gmt":"2021-10-04T03:04:49","slug":"compounding-problems-65m-more-comp-at-risk-as-devs-wait-for-time-locked-bug-fix","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/compounding-problems-65m-more-comp-at-risk-as-devs-wait-for-time-locked-bug-fix\/","title":{"rendered":"# Compounding problems: $65m more COMP at risk as devs wait for time-locked bug fix"},"content":{"rendered":"<p>&#8220;<strong># Compounding problems: $65m more COMP at risk as devs wait for time-locked bug fix <\/strong>&#8221;<br \/>\n<img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMTAvOTNmYTkyZGQtY2ViOS00ZjcwLWJjZDUtN2RiMzA5YjM3NWQzLmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-128018ef>Major DeFi money market Compound\u2019s woes are worsening, with nearly $150 million worth of COMP now at risk due to a buggy upgrade to the protocol that went live last week.<\/p>\n<p>On Sept. 30, Cointelegraph reported that a bug had resulted in between $70 million and $85 million worth of COMP tokens being mistakenly offered to users as rewards after an update intended to fix bugs and \u201csplit COMP rewards distribution\u201d went awry.<\/p>\n<p>Despite the reward distribution error being identified quickly, Compound\u2019s week-long delay on enacting new governance measures meant that the error will not be fixed until Oct. 7.<\/p>\n<p>On Oct. 3, Compound founder Robert Leshner tweeted that 202,472.5 COMP (worth <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>roximately $65 million) had been placed at risk after the protocol\u2019s drip function was called for the first time in roughly two months. <\/p>\n<p>The drip function makes tokens held in Compound&#8217;s Reservoir available to users, with 0.5 COMP being accumulated by the Reservoir per block. Leshner noted that \u201cthe majority of COMP reserved for users\u201d is held in the Reservoir.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">This brings the total COMP at risk to approximately 490k, of which 136k is still in the Comptroller, and 117k has been returned to the community so far (THANK YOU ).<\/p>\n<p>\u2014 Robert Leshner (@rleshner) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/rleshner\/status\/1444691282455142400?ref_src=twsrc%5Etfw\">October 3, 2021<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>SushiSwap developer Mudit Gupta took to <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">social media<\/a> to criticize the use of time-locks on governance, asserting that roughly 100 people were aware of that the threat posed by the drip function since the Sept. 30 bug was discovered but they were unable to act due to the time-delay on updating the protocol.<\/p>\n<p>Gupta also warned of the risks associated with upgradable smart contracts, asserting they are inappropriate for \u201clarge [DeFi] primitives.\u201d <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">This is why timelocks on everything are not always the best option. About a hundred people knew about this possibility since day 1 but their hands were tied due to the timelock.<\/p>\n<p>All of this 68.8m can be drained, not just a quarter if there are malicious actors involved. <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/xB5T1sjUQ8\">https:\/\/t.co\/xB5T1sjUQ8<\/a><\/p>\n<p>\u2014 Mudit Gupta (@Mudit__Gupta) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/Mudit__Gupta\/status\/1444654017066385412?ref_src=twsrc%5Etfw\">October 3, 2021<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>\u201cI&#8217;ve come to see upgradability as more of a bug than a feature,\u201d he added.<\/p>\n<p>While Leshner\u2019s tweet revealed that roughly 117,000 COMP worth $37.6 million had been returned to the protocol following the initial incident, Yearn Finance developer Banteg <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/bantg\/status\/1444685796632670213\">estimated<\/a> that one-third of the funds placed at risk by the drip function had already been claimed by users at roughly 3:30 pm UTC on Oct. 3. <\/p>\n<p>Banteg tallied the total value of COMP tokens placed at risk by the protocol\u2019s bug to now be $147 million.<\/p>\n<p><strong><em>Related:\u00a0Hackers exploit MFA flaw to steal from 6,000 Coinbase customers \u2014 Report<\/em><\/strong><\/p>\n<p>Despite the bug\u2019s initial identification causing the price of COMP to quickly crash 3% from $330 to $286 on Sept. 30, the token quickly recovered and traded above $340 on Oct. 2, according to CoinGecko. <\/p>\n<p>COMP has shed 7% of its value since tagging a local high of $347.5 on Oct. 3, last changing hands for $322 at the time of writing.<\/p>\n<p><template data-name=\"subscription_form\" data-type=\"defi_newsletter\"><\/template><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">News<\/a> articles, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/general\/\" target=\"_blank\" rel=\"noopener\">General category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/compounding-problems-65m-more-comp-at-risk-as-devs-wait-for-time-locked-bug-fix\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;# Compounding problems: $65m more COMP at risk as devs wait for time-locked bug fix &#8221; Major DeFi money market Compound\u2019s woes are worsening, with nearly $150 million worth of COMP now at risk due to a buggy upgrade to the protocol that went live last week. On Sept. 30, Cointelegraph reported that a bug&#8230;<\/p>\n","protected":false},"author":1,"featured_media":348000,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMTAvOTNmYTkyZGQtY2ViOS00ZjcwLWJjZDUtN2RiMzA5YjM3NWQzLmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74868,75434],"class_list":["post-347999","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-defi","tag-smart-contracts"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/347999","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=347999"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/347999\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/348000"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=347999"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=347999"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=347999"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}