The decentralized lending platform Compound faces a critical situation after executing its latest governance proposal, revealing an abnormal COMP token reward distribution bug. Up to 280,000 COMP tokens (worth ~$90M) could be impacted, causing prices to briefly drop below $300. The team and community are now navigating complex repair efforts amid mandatory 7-day governance delays.
Proposal 62: The Catalyst
Community-led Proposal 62 modified COMP mining rewards from a 50/50 borrower-lender split to governance-set ratios. This addressed negative interest rates in non-stablecoin markets while patching minor vulnerabilities.
The Reward Distribution Bug
Post-implementation, Compound Labs and community members identified a critical flaw causing excessive COMP rewards distribution. Proposal 63 was immediately submitted to pause claims until fixes are implemented.
👉 How Compound governance works
Key details:
- No funds at risk: Only reward allocation affected
- Worst-case scenario: 280,000 COMP (~$89M) could be erroneously distributed
- Comptroller contract has limited COMP reserves (0.5 COMP/block emission rate)
Governance: Strength Becomes Weakness
Founder Robert Leshner explained:
- Proposal code was community-written and audited
- No admin controls exist to stop distributions
- All changes require 7-day governance processing
- Dilemma: Proposal 63's fix won't execute for 7 days, affecting legitimate rewards
Community Reactions
Kain Warwick (Synthetix):
"Excellent example of timelock tradeoffs. New governance models allow tokenholders to override locks with sufficient votes."
Controversial IRS Threat:
Leshner later suggested reporting unrecovered COMP as taxable income, sparking DeFi principle debates. He later apologized for the approach.
October 4 Update: New Vulnerabilities Found
Yearn core developer banteg revealed:
- Someone triggered the Reservoir contract's
drip()function, releasing $68.8M COMP to Comptroller - ~25% of these funds could be drained through remaining vulnerabilities
Leshner confirmed the risk but expressed confidence in governance-based solutions through Proposals 63/64.
Key Takeaways
- Governance tradeoffs: Decentralization vs. emergency response speed
- Technical complexity: Multiple interacting smart contract risks
- Community dynamics: Balancing incentives with protocol health
- Market impact: COMP dropped 7% post-revelation, later recovered
FAQ Section
Q: Are user funds safe?
A: Yes, only reward distribution is affected - collateral and loans remain secure.
Q: How long will fixes take?
A: Minimum 7 days due to governance requirements, plus development time.
Q: What should users do?
A: Monitor official channels and consider voluntarily returning excess COMP.
Q: Why can't the team fix this faster?
A: Compound's decentralized design intentionally removes admin controls.
Q: How might this change DeFi governance?
A: Could spur innovations in emergency response mechanisms without compromising decentralization.
Ongoing Developments
- Community developing restart plans for liquidity mining
- Some users returning excess COMP voluntarily
- COMP price stabilized at $323 after initial drop
- Legal counsel departure (unrelated to incident)
Risk Disclosure: Cryptocurrency investments carry substantial risk, including potential total loss. Prices are highly volatile - assess your risk tolerance carefully.