DeFi protocol Compound (COMP) found a bug in governance proposal 117 designed to improve its worth feeds, forcing it to quickly freeze the Compound ETH (cETH) market.
An hour in the past, Proposal 117 was executed, which up to date the worth feed that Compound v2 makes use of.
This worth feed, whereas audited by three auditors, contained an error that’s inflicting transactions for ETH suppliers and debtors to revert.https://t.co/a2DFk7h0ET
— Compound Labs (@compoundfinance) August 30, 2022
In line with an August 30 Twitter thread, the bug made “transactions for ETH suppliers and debtors revert.”
The group stated that its customers’ “funds usually are not instantly in danger” and added that its interface is at the moment not accessible as a result of “worth discrepancy.”
In line with Compound Lab’s CEO Robert Leshner, customers at liquidation threat can nonetheless add Ether collateral. He stated:
“No customers must be vulnerable to liquidation or vulnerable to dropping funds.”
Proposal 117 was designed to replace the oracle contracts on the lending protocol to a brand new model that makes use of Uniswap V3 as an alternative of V2 for worth feeds. GFX Labs proposed it on behalf of ChainLink.
The proposal was audited by OpenZeppelin, Dedaub, and ABDK, who all missed the bug.
The bug
An OpenZeppelin replace revealed that the “getUnderlyingPrice” operate triggered the bug. It continued that the cETH market didn’t have this operate as assumed by the oracle improve.
The operate returns empty bytes every time it’s known as, thereby reverting transactions.
OpenZeppelin wrote that:
“The first subject proper now could be a brief denial of service for the cETH market which might be resolved by the brand new governance proposal. No funds are in danger at the moment. The remainder of the cToken markets on Compound V2 and all of V3 stay practical.”
Proposal 119 to revert the improve
In line with accessible info, GFX Labs submitted proposal 119 to revert the improve lower than an hour after noticing the bug.
The proposal can be handed and executed after a seven-day governance course of.
In the meantime, the bug seems to not have had any fast influence on the worth efficiency of Compound’s COMP token. The token has been on a purple candle run for the final 30 days. Its worth declined by round 4% to commerce at $48 over the earlier 24 hours.
