Compound Finance Bug

The $90 million equal sign – Compound Finance COMP Distribution Bug

Rahul Ravindran

As of today, there is about $103.94B locked across all DeFi protocols. While that is great news for a decentralised economy, another way to read the figure is that about $103.94B is at stake, riding on potentially error-prone smart contracts. On 30th Sept 2021, a single equal sign cost Compound Finance $90 million.

DeFi Total Value Locked

Background

The vast majority of cryptocurrencies sit idle on exchange platforms, doing nothing for their holders. Compound looks to change this with its open lending platform, which allows anybody who deposits supported Ethereum tokens to easily earn interest on their balance or take out a secured loan, all in a completely trustless way. Simply put, Compound generates interest on your Ethereum-based crypto assets by lending them to borrowers.

How it works

Positions (supplied assets) in Compound are tracked in tokens called cTokens, Compound’s native tokens. cTokens are ERC-20 tokens that represent claims to a portion of an asset pool in Compound. By locking up ERC-20 assets in the Compound protocol, depositors receive an equivalent amount of the respective cTokens as collateral.

How Compound Finance Works

Although it sounds complicated, the underlying principle is very similar to how asset appreciation works. Take investing in gold, for example: when you buy $100 of gold you get some amount of physical gold in exchange. Assuming the value of gold increases over time, you get more than $100 when you sell it in the future.

Compound Finance Architecture

COMP TOKEN

COMP is the native ERC-20 token of Compound Finance. The COMP token allows its owner to delegate voting rights to any address, including their own. Changes to the owner’s token balance automatically adjust the voting rights of the delegate.

The Compound protocol is governed and upgraded by COMP token-holders, using three distinct components: the COMP token, the governance module (Governor Bravo), and the Timelock. Together, these contracts allow the community to propose, vote on, and implement changes through the administrative functions of a cToken or the Comptroller. Proposals can modify system parameters, support new markets, or add entirely new functionality to the protocol.

Suppliers and borrowers are rewarded for their participation in the protocol with COMP tokens distributed every Ethereum block.

The Comptroller

This distribution is controlled by the aptly named smart contract Comptroller. Comptroller is implemented as an upgradeable proxy. Any changes to the protocol require a 7-day governance process to make their way into production.

The Compound architecture is illustrated below:

Compound Finance Architecture

The Bug

cSUSHI, cMKR, cYFI, cAAVE, cTUSD and cSAI had zero COMP rewards before the market was initialized or migrated. Proposal 62 adds a feature to reward COMP to suppliers of these tokens. This was done in the distributeSupplierComp function:

Comptroller.sol Source Code

In the highlighted if statement the condition should have been >= rather than >. Because the market index was set to exactly 1e36, the strict comparison is false and the if block is never entered: supplierIndex remains 0 while supplyIndex is 1e36. The delta of the two indexes becomes 1e36, and the protocol pays out rewards for 1e36 indexes rather than the intended zero rewards.
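To make the arithmetic behind that sentence concrete, here is a small Python model of the supplier-reward accrual path, written for this article. It is not Compound's Solidity; it mirrors the shape of the logic described above (an index guard followed by a delta multiplication) so the effect of `>` versus `>=` can be inspected offline. The initial index of 1e36 comes from the Proposal 62 description quoted below; the assumption that the Comptroller's fixed-point helper divides a token amount times a Double mantissa by 1e36 is taken from Compound's ExponentialNoError conventions, and the function names and the sample balance are constructed for the example.

```python
# Added example: Python model of the COMP supplier-reward accrual described in
# the post. NOT Compound's code; it mirrors the arithmetic so that the effect
# of the strict '>' check versus the intended '>=' check can be inspected.

COMP_INITIAL_INDEX = 10**36   # "initial index is 1e36" (Proposal 62 description)
DOUBLE_SCALE = 10**36         # assumed mantissa scale of Compound's Double fixed-point type


def accrue_supplier_comp(supply_index: int, supplier_index: int,
                         supplier_tokens: int, inclusive: bool) -> int:
    """Return the COMP (in wei) credited to one supplier by one distribution.

    supply_index    -- the market's cumulative COMP-per-cToken index (mantissa)
    supplier_index  -- the index last stored for this supplier; 0 if never set
    supplier_tokens -- the supplier's cToken balance (wei)
    inclusive       -- False reproduces the buggy '>' guard, True the '>=' fix
    """
    # The guard is meant to say: "this supplier predates the market's reward
    # index, so start them at the initial index rather than at zero".
    market_initialized = (supply_index >= COMP_INITIAL_INDEX if inclusive
                          else supply_index > COMP_INITIAL_INDEX)
    if supplier_index == 0 and market_initialized:
        supplier_index = COMP_INITIAL_INDEX

    # deltaIndex = supplyIndex - supplierIndex, as a Double mantissa
    delta_index = supply_index - supplier_index
    if delta_index < 0:
        raise ValueError("supplier index is ahead of the market index")

    # supplierDelta = supplierTokens * deltaIndex / 1e36
    return supplier_tokens * delta_index // DOUBLE_SCALE


def compare_first_claim(supplier_tokens: int) -> dict:
    """A supplier with no stored index claiming right after the market index
    was set to exactly 1e36: the state the post describes."""
    return {
        "buggy": accrue_supplier_comp(COMP_INITIAL_INDEX, 0, supplier_tokens, inclusive=False),
        "fixed": accrue_supplier_comp(COMP_INITIAL_INDEX, 0, supplier_tokens, inclusive=True),
    }


if __name__ == "__main__":
    # Constructed sample: a supplier holding 1,000 cTokens (18 decimals).
    tokens = 1_000 * 10**18
    result = compare_first_claim(tokens)
    print(f"buggy '>'  : {result['buggy'] / 10**18:,.0f} COMP accrued")   # 1,000
    print(f"fixed '>=' : {result['fixed'] / 10**18:,.0f} COMP accrued")   # 0
```

With the strict check, a delta of a full 1e36 means every supplier is credited one COMP per cToken held, which is why the payout scales with the size of the position rather than with time supplied. Once the market index has moved past 1e36 the two guards agree, so an ordinary test run against a market that had already accrued a block of rewards would not reveal the bug; only the freshly initialized boundary state does.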

This means anyone who had supplied cSUSHI, cMKR, cYFI, cAAVE, cTUSD or cSAI could claim these erroneous COMP rewards. And SPOILER ALERT: lots of people did!

This particular Comptroller instance held 280k COMP tokens, worth $162 million. Naturally, panic ensued shortly after the contract was deployed, all because of a missing equal sign!

Timeline:

  • 22nd Sept, 2021:
    • Proposal 62, “Split COMP rewards distribution and bug fixes”, is submitted by contributor Tyler Loewen. Nobody thinks anything of the technical change that says “An upgrade hook initializes all non-initialized market state indices (initial index is 1e36)”
  • 30th Sept, 2021:
    • Proposal 62 passes with 729,781 votes and is approved for deployment
    • Compound notices unusual activity in the distribution of COMP

In the midst of all this, someone claims $29 million worth of COMP rewards. Since COMP is an ERC-20 token, it can be easily swapped and has an intrinsic value.

Stealing $29 million worth of COMP rewards

Here is the etherscan transaction: https://etherscan.io/tx/0xf4bfef1655f2092cf062c008153a5be66069b2b1fedcacbf4037c1f3cc8a9f45

  • 30th Sept, 2021 (contd)
    • COMP token value drops by 9.3%
    • Since this is a decentralised protocol, there are no admin controls or community tools to disable the COMP distribution; all the Compound team could do is watch COMP tokens drain away
    • Compound founder Robert Leshner posts an impulsive tweet threatening to report incorrect claims to the IRS, while also offering 10% as a white-hat reward to those who return the erroneous COMP tokens
    • Compound blocks the web GUI to discourage people from claiming COMP tokens, but people can still access the smart contract via Etherscan or Remix, and tokens continue to drain
  • 3 Oct, 2021: Upon further assessment, a total of 490K COMP tokens are found to be at risk, of which the community returns 117K tokens.
  • 9 Oct, 2021: Proposal 64 is executed, patching the COMP distribution bug. Total impact as below:

Closing Thoughts:

As Mudit Gupta points out in his tweet, the bug was already present in the previous code base, but the control flow made no difference there since the default value for the reward was set to 0. In the latest revision the default value was changed, but the corresponding control flow was not re-validated. It reiterates the need to re-audit the entire smart contract upon revision, as this kind of logic error will never show up in a git diff.

But at a fundamental level, is a system truly decentralised if it succumbs to a single point of failure introduced by a community contributor? I’ll leave you with Compound founder Robert Leshner’s words:

Going forward, I’m optimistic about the patches making their way through the governance process, which fix the distribution, and the community members that are working to manage this bug.
