
A Bug Was Exploited in the DeFi Lending Protocol Compound’s Comptroller Contract

Pavan A

INDIA

Oct, 05 2021


Robert Leshner, founder of the DeFi lending protocol Compound, discovered a “moral dilemma” in his smart contract just a week ago.

On Sunday morning, a flawed Compound Finance contract that was supposed to disburse liquidity mining rewards over time transferred $68 million in tokens.

Four significant transactions have drained the pool of 64,997 COMP, or $21.4 million, a core developer at Yearn.Finance tweeted about the attack. One of these transactions resulted in a withdrawal of 37,504 COMP ($12.3 million). Only “addresses with the buggy state can drain,” according to the Twitter user, Bantag. Another five addresses might claim $45 million, “emptying the Comptroller.”


“The best-kept secret in DeFi is out, someone called drip() on Compound’s Reservoir, which transferred another $68.8 million in COMP to Comptroller,” the Twitter user adds.

He goes on to say that he ran the calculations and it appears that around a quarter of that may be drained. “It looks that my estimate was low because of stale data in accruedComp.” So far, four people have been able to collect $21.5 million, but there could be more money up for grabs. There isn’t a quick way to check all addresses.

One ETH address claimed 37,504 tokens worth $12 million at 9:30 a.m. ET, while another claimed 14,995 tokens worth $4.9 million. The funds were claimed by MakerDAO DSProxy factory contracts and are currently split between two addresses.

With additional claims of 9,499, 1,699, and 2,999 COMP, the total amount siphoned has now reached $22 million.

Following a recent upgrade called Proposal 062, the Comptroller pool began giving out 280,000 COMP to the wrong people last week. However, due to the nature of Compound’s governance, it takes seven days to fix the error.



Pavan A

CBW - External Analyst
