A proposal to fix the DeFi lending protocol took seven days to pass, and requires another two days to implement even though up to $43 million in COMP tokens is still at risk.
Seven days and many millions of dollars later, a patch to fix a bug in the Compound lending protocol has been approved by the decentralized lending protocol’s token holders.
On September 30, Compound discovered a bug in its latest update (Proposal 62) was allowing COMP token holders to take far more than their fair share of rewards. $70 million worth had been lost as of Oct. 1.
The problem is that the decentralized finance protocol’s smart contract requires a seven-day voting process before the loophole that being exploited can be fixed — with as much as $43 million worth of COMP tokens still at risk.
Compound Labs’ founder Robert Leshner said a total of 490,000 COMP, worth about $150 million, was vulnerable because of the bug. By Oct. 3, Leshner reported that Compound’s losses had grown to 354,000 COMP worth more than $110 million — although 117,000 COMP had since been returned, leaving the actual losses at about $74 million at that point.
On October 7, Proposal 64 passed. It will fix the problem after a governance-mandated two-day pause.
According to Tyler Lowen, who was working on the fix, No. 64 will temporarily freeze reward issuance. But only to those affected by the bug. He said:
“I want to make it clear that COMP rewards are still accruing at normal and expected rates and that everyone will be able to claim their rightfully earned COMP — the majority right away and the rest shortly after.”
Listen to the CoinMarketRecap podcast on Apple Podcasts, Spotify and Google Podcasts
Fighting the Fix
The process shows a big weakness in decentralized protocol governance: Its inability to move quickly in case of an emergency.
That was demonstrated most clearly by Proposal 63, the first fix, which passed by a wide margin but was scrapped before implementation after controversy arose.
It wasn’t just a few angry community members. Blockchain at Berkeley — the university’s blockchain innovation hub — tweeted out a recommendation to vote no on Proposal 63, calling it a brute-force solution that “erodes trust in the protocol.”
Lowen agreed, adding that he voted against it after community feedback. Leshner supported it despite the controversy, calling it a “tool at the community’s disposal” that in the end wasn’t needed.
