How the tiniest of errors resulted in an $80 million loss for Compound Finance

Compound Finance rolled out Proposal #62 on Wednesday to implement “Dynamic COMP reward distribution,” and patch a number of minor bugs.

However, soon after executing the upgrade, Compound Labs reported “unusual activity,” resulting in some users being able to claim more $COMP tokens than allowable.

Having looked into the contract, smart contract auditor Kurt Barry said the bug resulted from the tiniest of errors. He added that this minor mistake cost Compound Labs tens of millions.

But how tiny was this error?

Ethereum’s Solidity language is unforgiving

Solidity is an object-orientated programming language, meaning it organizes design around objects and data, as opposed to function and logic.

It has similarities to C and C++ so it’s relatively simple to learn. And given the number of programmers who are already familiar with C and C++, transitioning to Solidity doesn’t take much.

However, this imperative approach has risks in that programmers must tell the code exactly what to do at every stage. A mistake, even a tiny omission, leaves the smart contract open to vulnerabilities.

“With an imperative approach, a developer writes code that specifies the steps that the computer must take to accomplish the goal. This is sometimes referred to as algorithmic programming. In contrast, a functional approach involves composing the problem as a set of functions to be executed.”

In this case, Barry’s investigation showed that Compound’s Proposal #62 error was due to the programmer missing an “=” sign in two locations.

“Smart contracts are unforgiving of the tiniest errors…COMP bug is a tragic case of “>” instead of “>=” (in two code locations). Two characters, tens of millions of value lost.”

Critics will argue that Compound’s audit and testing process should have been more thorough. However, isn’t this another example of Solidity’s flaws, which get magnified when millions of dollars are at risk?

What is the Compound Finance Proposal #62?

Previously, the Compound Finance rewards rate was the same rate for both suppliers and borrowers, and this fostered problems such as negative interest rates when borrowing particular assets.

Proposal #62 intended to split the COMP distribution to liquidity suppliers and borrowers based on governance-set ratios rather than an equal 50/50 share model.

“This proposal changes the Comptroller logic to have two different COMP distribution rates for each and every market – borrow-side (compBorrowSpeeds) rate and supply-side (compSupplySpeeds) rate.”

However, the bug contained within the upgrade enabled some users to claim more $COMP tokens than allowable.
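To show how a “>” in place of “>=” can turn into an overclaim, the following added example (not code from Compound or from this article) models index-based reward accounting in Python and runs the boundary-value check that separates the two comparisons. The accounting scheme, the names `INITIAL_INDEX`, `SCALE`, `accrue` and `boundary_cases`, and all values are assumptions made for illustration.

```python
# Simplified model of index-based reward accounting.
# Assumed for illustration; this is not Compound's contract code.
INITIAL_INDEX = 10**36   # hypothetical starting value of a market's reward index
SCALE = 10**36           # fixed-point scale used for index arithmetic


def accrue(market_index, user_index, user_balance, inclusive):
    """Return (reward, new_user_index) for one claim.

    A user_index of 0 means the user has never been checkpointed. Such a user
    must start from INITIAL_INDEX; otherwise the entire index value is treated
    as growth that happened while they held their balance.
    """
    if inclusive:
        market_started = market_index >= INITIAL_INDEX   # hardened comparison
    else:
        market_started = market_index > INITIAL_INDEX    # strict comparison
    if user_index == 0 and market_started:
        user_index = INITIAL_INDEX
    delta = market_index - user_index
    reward = user_balance * delta // SCALE
    return reward, market_index


def boundary_cases(balance=1_000):
    """Rewards for a never-checkpointed user at and just above the boundary."""
    cases = (
        ("at", INITIAL_INDEX),                    # index exactly at its start value
        ("above", INITIAL_INDEX + SCALE // 100),  # index has grown by 1%
    )
    results = {}
    for label, index in cases:
        results[label] = {
            "strict": accrue(index, 0, balance, inclusive=False)[0],
            "inclusive": accrue(index, 0, balance, inclusive=True)[0],
        }
    return results


if __name__ == "__main__":
    for label, rewards in boundary_cases().items():
        print(label, rewards)
```

The two comparisons agree everywhere except when the index sits exactly on its starting value, so a test suite that never exercises that single input passes with either operator.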

At this stage, exact details of the loss are unknown. However, Compound CEO Robert Leshner states the worst-case scenario is an overclaim of 280,000 COMP tokens, equating to $82,880,000 at today’s price.

Source: cryptoslate.com
