Compound Errors

Compound’s on-chain governance has backfired, and not for the first time.

An upgrade to the protocol’s oracle contract was implemented yesterday, resulting in unintended consequences. Despite three audits, the new code contained a bug causing transactions to revert for ETH borrowers and suppliers.

Compound announced:

“Effectively, the cETH market is temporarily frozen.”

The thread goes on to state that “Funds are not immediately at risk, but this is a developing situation.”

Let’s hope, this time, things don’t go from bad to worse…

Yesterday, Compound implemented Proposal 117 in order to “upgrade the protocol's oracle contract (currently v2) to v3, which switches the anchor market from Uniswap v2 to v3.”

The bug appears to be a result of differences between Compound’s interest-bearing cTokens cErc20 and cEther.

As stated in Compound’s docs: “CErc20 wraps an underlying ERC-20 asset, while CEther simply wraps Ether itself. As such, the core functions which involve transferring an asset into the protocol have slightly different interfaces depending on the type”.

However, it appears that these considerations weren’t taken into account when designing the new oracle.

OpenZeppelin explained the error as follows:

cETH does not have an underlying() method assumed to be present in every cToken contract by the new oracle implementation, the getUnderlyingPrice function 12 returns empty bytes that cannot be decoded and the call reverts.

Fortunately, although the cEther market is frozen, users are still able to deposit collateral and avoid potential liquidations. And the news has not significantly affected the price of COMP.

The contract in question was audited by three firms, Dedaub, ABDK (both linked here) and OpenZeppelin, with the most recent of the reports dated 1st April 2022. However, the latest commit to UniswapAnchoredView was made 26 days later.

While the bug has been quickly identified and the fix is simply to revert the oracle to the previous version, the changes cannot be implemented for 7 days, until Proposal 119 passes.

The protocol’s rigid on-chain governance also caused issues last year, costing Compound dearly.

Initially, $80M in excess rewards were distributed to depositors before a further ~$68M were released while waiting for the fix to be implemented.

Unfortunately, expensive mistakes are common in our industry.

Just yesterday OptiFi Labs admitted to accidentally shutting down their contract on Solana mainnet, bricking 661K USDC (mostly belonging to a team member). We also recently learned that Crypto.com accidentally sent a user $10M, instead of $100, not noticing for seven months.

With examples of carelessness such as these, even at organisations working under the highest scrutiny, fully on-chain governance may prove more of a hindrance.

While decentralisation maxis often claim that a multisig is not enough, perhaps granting temporary powers to an emergency multisig could provide a lifeline in similar situations…

Is this the price to pay for on-chain governance?

REKT serves as a public platform for anonymous authors, we take no responsibility for the views or content hosted on REKT.

donate (ETH / ERC20): 0x3C5c2F4bCeC51a36494682f91Dbc6cA7c63B514C

disclaimer:

REKT is not responsible or liable in any manner for any Content posted on our Website or in connection with our Services, whether posted or caused by ANON Author of our Website, or by REKT. Although we provide rules for Anon Author conduct and postings, we do not control and are not responsible for what Anon Author post, transmit or share on our Website or Services, and are not responsible for any offensive, inappropriate, obscene, unlawful or otherwise objectionable content you may encounter on our Website or Services. REKT is not responsible for the conduct, whether online or offline, of any user of our Website or Services.