Compound Finance Mis-Rewarded Around $80M Worth of COMP to Users

Compound Labs recently suffered a bug in its upgraded contract that mistakenly allowed many users to claim unusual COMP rewards. It paid out around $80M in COMP tokens intended as liquidity mining rewards.

Unusual activity has been reported regarding the distribution of COMP following the execution of Proposal 062.

No supplied/borrowed funds are at risk—Compound Labs and community members are investigating discrepancies in the COMP distribution.

~Twitter (@compoundfinance)

Proposal 062 had just been implemented by Compound Finance when it was reported to be over-rewarding suppliers. The upgrade was designed to split COMP rewards distribution and had been verified. Within a few hours, however, team members noticed unusual activity in the COMP distribution. According to the Compound team, no funds are at risk.

Additionally, Proposal 063 disabled the ability to claim COMP tokens until the distribution logic is corrected.

What was the cause of this incident?

Compound's liquidity mining program rewards borrowers and depositors at a single-digit APY.

Upon investigation, it was found that Compound's upgraded Comptroller contract has a one-letter bug on L1217, which led to a reverse rug pull: the Comptroller started to reward suppliers more than expected. The Comptroller contract isn't managed by a multi-signature wallet, and any fix to the exploit might require a governance vote.

The bug is triggered when anyone has supplied tokens to a market with zero COMP rewards, such as cTUSD or cSUSHI, before the market's migration. The supplyindex for these tokens remains at the COMP initial index. The cause of the mis-payment was that the 'if block' on L1217 was not triggered in this case.

In the 'if block', the check was '>'. So, when the block is not triggered, the supplierindex remains zero while the supplyindex is 1e36. As a result, the protocol paid rewards for an index of 1e36 rather than the intended zero rewards.
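The boundary condition described above can be reproduced with a small model. This is an added example, not the Comptroller source: the function names, the 1e36 fixed-point scale, the sample balances, and the '>=' comparison used as the corrected form are assumptions made for illustration.

```python
# Simplified model of the supplier-side COMP accrual check described above.
# Function names and balances are constructed; this is not the Comptroller source.

COMP_INITIAL_INDEX = 10**36  # initial index value cited in the article (1e36)
INDEX_SCALE = 10**36         # assumption: index math is fixed-point, scaled by 1e36


def supplier_delta(supply_index, supplier_index, supplier_tokens, strict=True):
    """COMP units accrued to one supplier in one market.

    strict=True  models the '>' comparison the article describes.
    strict=False models a '>=' comparison (assumed correction).
    """
    if strict:
        past_initial = supply_index > COMP_INITIAL_INDEX
    else:
        past_initial = supply_index >= COMP_INITIAL_INDEX
    # A supplier with no recorded index should start from the initial index,
    # not from zero, so they are only paid for growth since then.
    if supplier_index == 0 and past_initial:
        supplier_index = COMP_INITIAL_INDEX
    delta_index = supply_index - supplier_index
    return supplier_tokens * delta_index // INDEX_SCALE


def audit(markets, strict):
    """Return names of markets that pay out although their index never moved."""
    flagged = []
    for name, supply_index, supplier_index, tokens in markets:
        paid = supplier_delta(supply_index, supplier_index, tokens, strict)
        if supply_index == COMP_INITIAL_INDEX and paid > 0:
            flagged.append(name)
    return flagged


# Constructed sample state: (market, supply index, supplier index, cToken balance)
SAMPLE_MARKETS = [
    ("zero-reward market", COMP_INITIAL_INDEX, 0, 5 * 10**14),
    ("rewarded market", COMP_INITIAL_INDEX + 2 * 10**30, 0, 5 * 10**14),
    ("up-to-date supplier", COMP_INITIAL_INDEX, COMP_INITIAL_INDEX, 5 * 10**14),
]

if __name__ == "__main__":
    for strict in (True, False):
        print("strict '>' check" if strict else "'>=' check", "->", audit(SAMPLE_MARKETS, strict))
```

The `audit` function doubles as a regression check: a market whose supply index never moved past the initial value should never produce a non-zero payout.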

Compound Finance acknowledged the exploit on its Twitter handle immediately after it was discovered. Note that Compound Finance is the fifth-largest DeFi protocol in the world.

The founder of Compound Finance later stated that they do not have any admin controls for disabling the COMP distribution. Further, he noted that a 7-day governance process is required to make any change in the protocol.

COMP price is falling after this news

The current market price of COMP is $308.66 after a decline of around 3% in 24 hours. It even reached $290 soon after the announcement.

Compound Labs and community members are evaluating potential steps to repair the distribution of COMP tokens; meanwhile, it will be interesting to see whether the team asks users to return the rewarded tokens.