- About $22 million was drained from Compound contract in another hit caused by a bug.
- A DeFi developer noted that there will be continuous loses on the platform till Compound Finance can make changes after the 7-day governance window.
Another $66 million has been added to the affected Compound Finance contract that was designed to disburse liquidity mining rewards to users over some time. After the loss Compound Finance recorded in the past week, the new funds were added on the 3rd of October. The Compound Finance team installed a newly implemented Proposal 062, which turned out to result in the continued loss. The team noted that it ensured proper verification of the upgrade, and it was originally designed to split COMP rewards distribution and fix bugs. Shortly after the upgrade, Proposal O62 began to malfunction due to a bug caused by the omission of two characters. There were cases of “>” instead of “>=” in two locations.
As a result of the omission, Compound Finance saw losses that amounted to about $80 million worth of COMP tokens.
Just as funds were exploited due to a bug within a newly implemented upgrade at the end of last month, about $22 million of the newly added funds has been exploited due to the same bug. More severely, a DeFi developer noted that the concluding $44 million is even at risk.
Compound Finance loses $22 million to several ETH addresses
Several ETH addresses have claimed the COMP tokens. Around 9:30 AM EDT, an ETH address claimed 37,504 COMP tokens, resulting in about $12 million. Separately, another ETH address claimed 14,995 tokens worth $4.9 million. The funds are in two separate addresses and contracts from the MakerDAO DSProxy factory claimed them. In addition, there were more claims of COMP tokens up to 9499, 2999,1699, summing up to $22 million in total. According to Compound Finance CEO Robert Leshner, representatives from MakerDAO have been helping in finding a lasting solution to the bug.
The bug event has stirred up several comments among members of the crypto community. Yearn.Finance core contributor’ banteg,’ is among the many that commented on the ongoing issue. According to banteg, the possibility of topping off the bugged contract has been “known for a few days now, but there is no possible mitigation, so the plan was to keep shush and hop nobody discovers it for a week.”
The Compound Finance contract is not enabled with a multi-signature scheme that allows immediate upgradability. Rather, there is a 7-day window required before any changes can be made on the platform. Originally, the governance process was designed to make the protocol resilient to hostile changes. However, the same security structure has resulted in a barrier to fix an ongoing error.
It appears more funds will be added to the contract. And when it does, the added funds are also at risk. Currently down 5.43 percent, COMP is now trading at $317.36.