As the decentralized finance (DeFi) market continues to spark the interest of investors around the world, incidents have highlighted the vulnerabilities that various platforms operating within this space are continually exposed to.
For example, it was recently revealed that due to a buggy system update, the prominent DeFi Money Market Composite had put in approximately $ 150 million in native COMP tokens. at risk of a third party attack.
Although the bug was recognized fairly early when the Compound developers submitted a fix for the protocol bug shortly after, it’s worth noting that the update is governed by a seven-day time lock, as a result of which it couldn’t be performed. tangible efforts to solve the problem. they have been enacted until October 7. The proposal of correct the error since it has passed successfully and is scheduled to be executed on October 9, but that may not be the end of this story.
On Twitter after the bug was discovered, Compound founder Robert Leshner admitted that 202,472.5 COMP, worth about $ 64 million at the time of this writing, was at risk due to the “trickle function” of the protocol was put into action for the first time in more than 60-days. The drip feature is designed to make the chips in the compound reservoir available to users, and the reservoir accumulates 0.5 COMP per block.
Following the incident, Leshner indicated that a vast majority of all COMP tokens that exist today, which are currently “reserved for users”, are held in the aforementioned platform reservation system. This disclosure may have played a major role in the depreciation of the value of the COMPs, so much so that after the initial identification of the error, the price of the COMPs quickly plummeted from $ 330 to $ 286, only to make a strong recovery from then, according to data from Cointelegraph Markets Pro.
That said, since October 3, the token has been steadily declining with the value of the digital asset falling from a price point of around $ 350, taking its 30-day losses to a staggering 40% from a local high of around $ 525.
When asked to provide his opinion on the severity of the issue and what he believes may happen to the platform’s native pool of assets over the course of the next few days, Leshner told Cointelegraph that all that needs to be said in relation to the matter had already been done. has been covered “sufficiently”, so declining to comment further on the matter.
The DeFi community has a voice
To get a better overview of what this entire incident means for the broader crypto ecosystem, Cointelegraph reached out to Winston, a pseudonymous moderator of DeFi performance agriculture aggregator, Harvest Finance. In his opinion, although for the most part the community has been quite honest in returning most of the funds, that trust cannot always be relied upon to bail out platforms all the time.
He further added: “This debacle could certainly have been handled better by the team, but it also demonstrates how sometimes these ‘security features’ can hinder a project rather than help it.” Winston went on to say that he hopes lessons will be learned:
“Many protocols will begin to consider the advantages of having a shorter time lock not only to prevent things like this from happening, but also to make them more flexible and able to move quickly.”
SushiSwap developer Mudit Gupta criticized Compound’s use of time locks for governance-related purposes, stating that only around 100 people had been aware of the threat posed by the drip feature since the bug was discovered on September 30, no action has been taken since. because the time delay function is in place.
Gupta went on to more warn DeFi users on the various risks associated with upgradeable smart contracts, claiming that by design they are not intended for “large [DeFi] primitives. “He added that he also sees” the upgradeability more as a bug than a feature. “
That being said, it should be noted that SushiSwap was also in the getting the end of a trick recently, which saw an infamous outside agent compromising the supply chain of the platform’s MISO token launch pad to the tune of $ 3 million. Not only that, but in late September, reports also surfaced that a hacker had identified a vulnerability that could have jeopardized more than a billion dollars in user funds held by SushiSwap.
Technical errors are not new
George Harrap, co-founder of Step Finance, the Solana-based portfolio viewing platform, told Cointelegraph that crypto errors, exploits, and hacks are really nothing new within this space, adding that such instances are just one. an integral part of an industry where everything is digitized.
Also, in a Tweet, Leshner issued a stern warning to the recipients of the erroneous tokens, stating that any illicit acquisition could have consequences in the real world, mainly in the form of actions taken by the United States Internal Revenue Service (IRS). In this regard, Harrap said:
“What is more interesting is the reaction of the founder of Compound than the error itself with which he was threatening DOX users. That’s not a good example at all at DeFi and I think it’s causing many to reconsider their involvement with Compound. “
Rotem Yakir, developer of DeFi at Orbs, a public blockchain infrastructure designed for tight integration with Ethereum Virtual Machine (EVM) -based layers, told Cointelegraph that the Compound saga serves as a crucial reminder that, by providing insight Something alternative on the matter, Rotem Yakir, DeFi developer at Orbs, the downsides of being a completely decentralized platform, without elaborating on the statement. However, he added:
“Comp is one of the most prominent projects in the DeFi space and while this might hurt, it won’t kill them and in the end they will get stronger.”
It’s worth noting that while Leshner’s tweets indicated that roughly 117,000 COMPs, worth $ 37.6 million, had been returned to the protocol after the initial flaw was detected, Yearn.finance developer banteg indicated that a third of the funds that were put at risk by the trickle feature had already been claimed by users at approximately 3:30 pm UTC on Sunday.
In banteg’s estimate, the total value of the COMP tokens that were put at risk as a result of the bug now stands at a whopping $ 147 million.
So, with all of this startling data now available for all to see, the incident is likely to set a precedent for how such incidents could play out within the DeFi ecosystem. DeFi enthusiasts are hoping the situation will reach some sort of resolution, especially after votes on proposals to reverse the mistake have been successful, with the assets lost, hopefully getting back where they rightfully belong, as they do. Otherwise it could potentially spoil the image of the industry.