Compound, the most popular cryptocurrency lending protocol on Ethereum, has again been facing serious problems. A Yearn developer, banteg, said that someone had called a function that allowed more funds to be made available to users. Users can now claim up to $140,000,000 of the protocol’s native currency comp. Compound hopes users won’t claim these tokens, and is working to fix the bug that caused it.
Compound remains vulnerable to Exploit
Compound, a decentralized financial protocol, was aggravated by a call to a function that could have put more funds at stake. Drip, the function that sends more than 200,000 Comptroller tokens (Compound’s native currency) to the Comptroller Contract, the component that was infected by a bug last Wednesday, allowed users to claim uncharacteristically high amounts of Comp.
Yearn’s developer, banteg says this was the best-kept DeFi secret. The drip function transfers funds from the “cold wallet contract” of the token to the Comptroller for distribution among users. Five addresses could take $45 million from these tokens, according to the dev. This would have a negative effect on the asset’s price.
Leshner Acknowledges Issues
Robert Leshner, founder of Compound Labs, was quick to acknowledge the issue. He stated that this function was not called for weeks and that he expected the bug to be patched before new funds could be put at risk. Due to Compound’s governance characteristics, the bug introduced last week is still waiting for new proposals to be approved in order to apply a patch to correct it.
However, Leshner was optimistic about the future of the protocol, stating:
I’m optimistic about the patches making their way through the governance process, which fix the distribution, and the community members that are working to manage this bug.
The community is calling for changes to how these governance proposals are managed and approved. A user in Twitter proposed introducing a new kind of governance proposal to deal with bugs quickly, treating them as emergency updates. This new event that puts more tokens at risk has apparently affected comp’s price, which has gone from $340 to $317 in just the last 24 hours.