Some users of the decentralized finance project (DeFi) Compound were surprised on Wednesday night (29) to receive in their wallets much greater rewards than they should get for providing liquidity for the protocol.
According reported On Twitter, the project’s founder, Robert Leshner, the confusion began in the evening shortly after the Compound’s Proposal 062, responsible for updating the contract that distributes COMP tokens to users, came into effect.
In one of the smart contracts there was a bug that caused some liquidity providers to receive many more COMP tokens than anticipated.
The Twitter profile @napgener was one of the first to identify the problem to notice that three users received a total of $15 million in COMP for providing small amounts of USDC, ETH and DAI in platform pools.
In the early hours of this Thursday, another user managed to claim a $27 million COMP reward on his own.
A few hours ago, Proposal 62 went into effect, updating the Comptroller contract, which distributes COMP to users of the protocol.
The new Comptroller contract contains a bug, causing some users to receive far too much COMP. https://t.co/Fy6nLgDqKy— Robert Leshner (@rleshner) September 30, 2021
Compound is a popular loan protocol that started the craze for yield farming when it was released about a year ago. Users can earn interest by borrowing their cryptocurrencies in the platform’s pools.
According to Leshner, the bug’s impact is limited and, at worst, could cost 280,000 COMP tokens for the protocol, equivalent to $84.8 million at the current currency rate.
According to CoinMarketCap, the COMP is trading at $303, down 8% in the last 24 hours, probably caused by the bug found in the update.
However, the project’s founder reassured the community that all funds deposited in the pools are safe. “Users don’t have to worry; the only risk is that you (or another user) will receive an unfairly large amount of COMP,” wrote Leshner.
The downside of decentralization
Proposal 062 that contained the bug was submitted by developer Tyler Loewen, and was reviewed by other project participants before being approved by the community.
Even so, the bug went unnoticed. According to Robert Leshner, although the error was later identified, there is nothing that can be done in the short term to resolve the problem since there are no administrator controls that can disable the COMP distribution.
“Any change to the protocol requires a seven-day governance process to go into production. […] This is the biggest opportunity and the biggest risk for a decentralized protocol — that an open development process allows a bug to go into production.” he wrote.
The Compound is currently the fifth-largest decentralized finance protocol in the world, with a total blocked amount (TVL) of $9.6 billion, according to the DeFi Llama.