Compound’s Bug, um, Compounded in Size
October 4, 2021 / Unchained Daily / Laura Shin
- A bug in Coinbase’s multi-factor authentication SMS option led to at least 6,000 Coinbase accounts being drained; the exchange says it will reimburse users.
- The SEC pushed back deadlines of four Bitcoin ETF applications until late 2021.
- Grayscale added SOL to its $494 million large-cap crypto fund.
- The overall crypto market cap crossed $2 trillion to start “Uptober.”
- Société Générale (SocGen), one of the largest banks in France, applied for a $20 million MakerDAO loan.
- Cryptocurrency exchange KuCoin is shutting down accounts of mainland China residents.
- Axie Infinity is launching a decentralized exchange.
- El Salvador mined Bitcoin using geothermal energy.
- Zero Hash, a crypto services startup, raised $35 million in a Series C round led by Point72 Ventures.
- Multicoin hired Greg Xethalis as its first general counsel (and he will appear on Unchained tomorrow).
- An NFT from SolanaMonkeyBusiness sold for $2.1 million — the most expensive Solana NFT sale to date.
- The Biden administration is examining different ways to regulate stablecoin issuers.
What Do You Meme?
Yesterday, a bug located within the Comptroller contract of the DeFi lending protocol Compound was exploited for the second time in just a few days.
The first mishap occurred last week, shortly after Proposal 62 was implemented. Proposal 62 was intended to split COMP mining rewards according to a governance-set ratio, rather than the previous 50/50 split model. Soon after the upgrade went live, the Comptroller contract began distributing rewards disproportionately, with multiple users coming in to scoop up millions of dollars of COMP. According to Compound Labs CEO Robert Leshner, the bug was bounded at 280,000 COMP, or approximately $85 million.
Based on the contract, regular users of Compound would not be affected. The only risk is that certain users would receive unfairly large rewards of COMP.
On Sunday, the Compound bug almost doubled in scope. By calling Compound’s drip() function, an Ethereum user was able to append an additional 202,000 COMP ($66 million) to the Comptroller contract, essentially giving another group of users a chance to claim an outsized portion of rewards.
Banteg, a core developer at Yearn.Finance, calculates Compound as losing out on $147 million in COMP, a number that he believes makes it the largest smart-contract-induced fund loss ever. According to Banteg, the “drip() function” was the “best kept secret in DeFi” and had been known for multiple days before it was put into action.
However, because of the way Compound governance is structured, it takes seven days to correct coding errors. Leshner, in a tweet, explained that the team had hoped to get a patch in before the drip was called.
At publishing time, Compound’s COMP is only down 2.83% over the past 24 hours and 6% on the week.
- Learn about the beauty of Bitcoin from a, um, croissant:
- Decrypt on bad cryptocurrency exchange customer support:
- Tascha Che on the systemic shock of crypto:
On The Pod…
Fereshteh Forough is the founder and CEO of Code to Inspire, a coding school for girls in Afghanistan. She discusses her background as a refugee, how she uses crypto to fund the school and pay students, and how the US military’s departure has affected student life. Topics include:
- Fereshteh’s journey from refugee to computer science professor to founder and CEO of Code to Inspire
- what Code to Inspire offers to young Afghan women and what risks they take by getting an education
- how Code to Inspire success stories are changing the attitudes of students’ families and communities
- the importance of Afghan Hero Girl, a video game created by Code to Inspire students
- why crypto payments are a better alternative to PayPal and Western Union for Code to Inspire and its students
- how Code to Inspire and its students exchange crypto to fiat
- what the perception of crypto is in Afghanistan
- how the Taliban is stifling the education of women and how Code to Inspire is attempting to continue its curriculum
- how crypto companies can offer assistance to Code to Inspire
- what features and products Fereshteh thinks would help the crypto industry actually bank the unbanked
- how listeners can help Code to Inspire and where to find more information on Fereshteh
My book, The Cryptopians: Idealism, Greed, Lies, and the Making of the First Big Cryptocurrency Craze, is now available for pre-order.
The book, which is all about Ethereum and the 2017 ICO mania, comes out Jan. 18. Pre-order it today!
You can purchase it here: http://bit.ly/cryptopians