Compound Finance Bug

The $90 million equal sign – Compound Finance COMP Distribution Bug

Rahul Ravindran

As of today, there is about $103.94B locked across all DeFi protocols. While that is great news for a decentralised economy, another way to interpret the fact is that about $103.94B is at stake, riding on potentially error prone smart contracts. On 30th Sept 2021, a single equal sign cost Compound Finance $90 million.

DeFi Total Value Locked
DeFi Total Value Locked

Background

The vast majority of cryptocurrencies sit idle on exchange platforms, doing nothing for their holders. Compound looks to change this with its open lending platform, which allows anybody who deposits supported Ethereum tokens to easily earn interest on their balance or take out a secured loan โ€” all in a completely trustless way. Simply put, compound generates interest on your crypto Ethereum based assets by lending it to borrowers.

How it works

Positions (supplied assets) in Compound are tracked in tokens called cTokens, Compound’s native tokens. cTokens are ERC-20 tokens that represent claims to a portion of an asset pool in Compound. By locking up ERC20 assets in the Compound protocol, depositors receive an equivalent amount of respective cTokens as collateral.

How Comopund Finance Works
How Comopund Finance Works

Although it sounds complicated, if you rethink the underlying principle it is very similar to how asset appreciation works. Take investing in gold for example, when you buy $100 of gold you get some amount of physical gold in exchange. Assuming the value of gold increases over time, you get more than $100 when you sell it in the future.

Compound Finance Architecture

COMP TOKEN

COMP the native ERC-20 for compound finance. COMP token that allows the owner to delegate voting rights to any address, including their own address. Changes to the ownerโ€™s token balance automatically adjust the voting rights of the delegate.

The Compound protocol is governed and upgraded by COMP token-holders, using three distinct components; the COMP token, governance module (Governor Bravo), and Timelock. Together, these contracts allow the community to propose, vote, and implement changes through the administrative functions of a cToken or the Comptroller. Proposals can modify system parameters, support new markets, or add entirely new functionality to the protocol.

Suppliers and borrowers are rewarded for their participation in the protocol by distributing COMP token per Ethereum block

The Comptroller

This distribution is controlled by the aptly named smart contract Comptroller. Comptroller is implemented as an upgradeable proxy. Any changes to the protocol require a 7-day governance process to make their way into production.

The compound architecture illustrated below:

Compound Finance Architecture
Compound Finance Architecture

The Bug

cSUSHI, cMKR, cYFI, cAAVE, cTUSD, cSAI had zero comp rewards before the market was initialized or migrated. Proposal 62 adds a feature to reward COMP to suppliers of these tokens. This was done in the distributeSupplierComp function:

Comptroller Source Code
Comptroller.sol Source Code

In the highlighted IF statement the condition should have been >= rather than >. Since the if block is not triggered, supplierIndex remains 0 while supplyIndex is 1e36. The delta of the indexes becomes 1e36 and the protocol pays out rewards for 1e36 indexes rather than the intended zero rewards.

This means, anyone who has supplied cSUSHI, cMKR, cYFI, cAAVE, cTUSD, cSAI can claim these erroneous COMP rewards. And SPOILER ALERT: Lots of people did!

This particular Comptroller instance had 280k COMP tokens that’s worth $162million. Naturally panic ensued shortly after the contract was deployed, all because of a missing equal sign!

Timeline:

  • 22nd Sept, 2021:
    • Proposal 62: Split COMP rewards distribution and bug fixes submitted by contributor Tyler Loewen. Nobody thinks anything of the technical change that says โ€œAn upgrade hook initializes all non-initialized market state indices (initial index is 1e36)โ€
  • 30th Sept, 2021:
    • Proposal 62 passes by 729,781 votes and is approved for deployment
    • Compound noticed unusual activity regarding distribution of COMP

In the midst of all this someone claims $29 million worth of COMP rewards . Since COMP is an ERC-20 token it can be easily swapped and has an intrinsic value.

Stealing $29 million worth of COMP rewards

Here is the etherscan transaction: https://etherscan.io/tx/0xf4bfef1655f2092cf062c008153a5be66069b2b1fedcacbf4037c1f3cc8a9f45

  • 30th Sept, 2021 (contd)
    • COMP token value drops by 9.3%
    • Since this is a decentralised protocol. There are no admin controls or community tools to disable the COMP distribution; All compound team could do is watch COMP tokens drain away
    • Compound founder Robert Leshner posts an impulsive tweet threatening he will report incorrect claims to the IRS. Also offering 10% as a white hat reward for those who plan to return the erroneous COMP tokens
    • Compound blocks the web GUI to discourage people from claiming COMP tokens. But people can still access the smart contract via etherscan or Remix and tokens continue to drain.
  • 3 Oct, 2021: Upon further assessment a total of 490K COMP tokens are found at risk of which the community returns 117K tokens.
  • 9 Oct, 2021: Proposal 64 was executed, patching the COMP distribution bug. Total impact as below:

Closing Thoughts:

As Mudit Gupta points out in his tweet, the bug was already present in the previous code base but the control flow made any difference since the default value for the reward was set to 0. In the latest revision, the default value was changed but the corresponding control flow of the code was not validated. It reiterated the need for re audit of the entire smart contract upon revision as this kind of logic error will never show up in git diff.

But at a fundamental level, is a system truly decentralised if it succumbs to a single point of failure caused by a community contributor? Iโ€™ll leave you with Compound Founder Robert Leshner’s words:

Going forward, I’m optimistic about the patches making their way through the governance process, which fix the distribution, and the community members that are working to manage this bug.

0 Comments

Leave a Reply

More great articles

Defi Ecosystem Explained

DeFi is short for Decentralized Finance. DeFi is the ecosystem of fintech apps built on top of blockchain protocols and…

Read Story

Crypto Predictions for 2022

Despite the recent price plunge experienced in the first week of January, the price prediction for the large cryptocurrencies still…

Read Story

How To Perform Custom Ethereum Flash Loans Using Solidity (ERC 3156 Standard)

What will I learn? Connecting and using an Ethereum testnet What is a flash loan (ERC 3156) Flash loan interfaces…

Read Story

Never miss a minute

Get great content to your inbox every week. No spam.
[contact-form-7 id="6" title="Footer CTA Subscribe Form"]
Arrow-up