{"id":350140,"date":"2021-10-08T16:14:00","date_gmt":"2021-10-08T13:14:00","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/compound-crisis-averted-securing-exposed-comp-could-be-just-the-start\/"},"modified":"2021-10-08T16:14:00","modified_gmt":"2021-10-08T13:14:00","slug":"compound-crisis-averted-securing-exposed-comp-could-be-just-the-start","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/compound-crisis-averted-securing-exposed-comp-could-be-just-the-start\/","title":{"rendered":"Compound crisis averted? Securing exposed COMP could be just the start"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMTAvMmE4ZDRmNjAtOWNkZC00NGZjLThiNGItOWUzOWM0MWJjZDE0LmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-128018ef>As the decentralized finance (DeFi) market continues to pique the interest of investors across the globe, a few incidents have shone a major spotlight on the vulnerabilities various platforms operating within this space are continually exposed to.\u00a0<\/p>\n<p>For example, it has recently been unveiled that due to a buggy system upgrade, prominent DeFi money market Compound had put approximately $150 million worth of the native COMP tokens at risk of a third-party hack.<\/p>\n<p>Even though the error was recognized fairly early as Compound\u2019s developers submitted a fix for the protocol\u2019s bug soon after, it\u2019s worth noting that the upgrade is governed by a seven-day time lock, as a result of which no tangible efforts to resolve the issue could have been enacted until Oct. 7. 
The proposal to fix the bug has since successfully passed and is set to be executed on Oct. 9, but that may not be the end of this story.<\/p>\n<p>Taking to Twitter after the bug was uncovered, Compound founder Robert Leshner admitted that 202,472.5 COMP, worth approximately $64 million at the time of writing, was at risk due to the protocol\u2019s \u201cdrip function\u201d being called into action for the first time in over 60 days. The drip function is designed to make any tokens held in Compound\u2019s Reservoir available to users, with 0.5 COMP being accumulated by the Reservoir per block.<\/p>\n<p>Following the incident, Leshner <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/rleshner\/status\/1444691280894775300\">noted<\/a> that a vast majority of all COMP tokens in existence today \u2014 that are currently \u201creserved for users\u201d \u2014 are held in the platform\u2019s aforementioned Reservoir system. This revelation may have had a large role to play in COMP\u2019s depreciating value, so much so that after the initial identification of the bug, the price of COMP quickly crashed from $330 to $286, only to make a strong recovery thereafter, according to data from Cointelegraph Markets Pro.<\/p>\n<p>That said, since Oct. 
3, the token has steadily declined with the digital asset\u2019s value dropping from a price point of around $350, taking its 30-day losses to a staggering 40% from a local top of around $525.<\/p>\n<p>When asked to provide his take on the severity of the problem and what he believes may happen to the platform\u2019s native asset pool over the course of the coming few days, Leshner told Cointelegraph that all that needs to be said in relation to the matter had already been covered \u201csufficiently,\u201d thus declining to comment on the matter any further.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"The_DeFi_community_has_a_say\"><\/span>The DeFi community has a say<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>To gain a better overview of what this entire incident means for the crypto ecosystem at large, Cointelegraph reached out to Winston, a pseudonymous moderator for DeFi yield farming aggregator Harvest Finance. In Winston\u2019s view, even though the community has, for the most part, been quite honest in returning the bulk of the funds, such goodwill cannot always be relied upon to bail platforms out.<\/p>\n<p>He further added: \u201cThis debacle could have, undoubtedly, been handled better by the team but it also goes to show how sometimes these \u2018security features\u2019 can hamper a project rather than helping it.\u201d Winston went on to say that he hopes lessons will be learned:<\/p>\n<blockquote><p>\u201cMany protocols will start to consider the advantages of having a shorter time lock to not only prevent things like this from happening but also to make them more flexible and able to move swiftly.\u201d<\/p><\/blockquote>\n<p>SushiSwap developer Mudit Gupta criticized Compound\u2019s use of time-locks for governance-related purposes, claiming that only around 100 people were aware of the threat posed by the drip function since the bug was discovered on Sept. 
30, with no action having been taken since then because of the time-delay function being in place.<\/p>\n<p>Gupta went on to <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/Mudit__Gupta\/status\/1444654017066385412\">warn<\/a> DeFi users about the various risks associated with upgradable smart contracts, claiming that they are, by their very design, not meant for \u201clarge [DeFi] primitives,\u201d adding that he also views \u201cupgradability as more of a bug than a feature.\u201d<\/p>\n<p>That being said, it should be noted that SushiSwap too was recently on the receiving end of a hack, one that saw a nefarious third-party agent compromise the supply chain of the platform\u2019s token launchpad MISO to the tune of $3 million. Not only that, but at the end of September, reports also surfaced that a hacker had <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/CryptoWilfred\/status\/1440811435202809861\">identified<\/a> a vulnerability that might have placed more than $1 billion worth of user funds held by SushiSwap under threat.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Technical_bugs_arent_new\"><\/span>Technical bugs aren&#8217;t new<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>George Harrap, the co-founder of Solana-based portfolio visualization platform Step Finance, told Cointelegraph that crypto bugs, exploits and hacks aren\u2019t really anything new within this space, adding that such instances are just part and parcel of an industry where everything is digitized.<\/p>\n<p>Also, in a tweet, Leshner <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/rleshner\/status\/1443730726751506432\">issued<\/a> a stern warning to the recipients of the erroneous tokens, stating that any wrongful acquisitions would potentially be met with real-world consequences \u2014 primarily in the form of action being taken by the United States Internal Revenue Service (IRS). 
On the matter, Harrap said:<\/p>\n<blockquote><p>\u201cWhat&#8217;s more interesting is the reaction of Compound&#8217;s founder than the bug itself where he threatened to DOX users. That\u2019s not a good example for anything in DeFi and I think is the cause for many to reconsider their involvement in Compound.&#8221;<\/p><\/blockquote>\n<p>Providing a somewhat alternative take on the matter, Rotem Yakir, DeFi developer at Orbs, a public blockchain infrastructure designed for close integration with Ethereum Virtual Machine- (EVM)-based layer ones, told Cointelegraph that the Compound saga serves as a crucial reminder of the disadvantages of being a completely decentralized platform, failing to elaborate any further on the statement. However, he did add:<\/p>\n<blockquote><p>\u201cComp is one of the most prominent projects in the DeFi space and although this might hurt, it will not kill them and they will become stronger in the end.&#8221;<\/p><\/blockquote>\n<p>It is worth noting that even though Leshner\u2019s tweets stated that roughly 117,000 COMP \u2014 worth $37.6 million \u2014 had been returned to the protocol after the detection of the initial fault, Yearn.finance developer banteg <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/bantg\/status\/1444685796632670213\">noted<\/a> that one-third of the funds that were placed at risk by the drip function had already been claimed by users at roughly 3:30 pm UTC on Sunday. <\/p>\n<p>In banteg\u2019s estimation, the total value of COMP tokens that were placed at risk as a result of the bug now stands at a whopping $147 million. <\/p>\n<p>Thus, with all of this striking data now available for everyone to see, the incident is likely to set a precedent for how such incidents within the DeFi ecosystem could play out. 
DeFi enthusiasts are hoping that the situation will reach some sort of resolution, especially after the votes on the proposals to reverse the bug have succeeded \u2014 with the misplaced assets hopefully returning to where they rightfully belong \u2014 as it otherwise stands to potentially mar the image of the sector.<\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/compound-crisis-averted-securing-exposed-comp-could-be-just-the-start\" target=\"_blank\" 
rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;# Compound crisis averted? Securing exposed COMP could be just the start &#8221; As the decentralized finance (DeFi) market continues to pique the interest of investors across the globe, a few incidents have shone a major spotlight on the vulnerabilities various platforms operating within this space are continually exposed to.\u00a0 For example, it has recently&#8230;<\/p>\n","protected":false},"author":1,"featured_media":350141,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMTAvMmE4ZDRmNjAtOWNkZC00NGZjLThiNGItOWUzOWM0MWJjZDE0LmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74867,74983,74868,4965],"class_list":["post-350140","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-altcoin","tag-decentralization","tag-defi","tag-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/350140","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=350140"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/350140\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/350141"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=350140"}],"wp:term":[{"taxonomy":"category","embeddable":tru
e,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=350140"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=350140"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}