Compound discovers bug in new update, freezes cETH market Compound discovers bug in new update, freezes cETH market
Compound said users' funds are not at risk and it will take seven days to execute a fix proposal.
2 min read
Updated: Aug. 31, 2022 at 8:31 am UTC
Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.
DeFi protocol Compound (COMP) discovered a bug in governance proposal 117 designed to upgrade its price feeds, forcing it to temporarily freeze the Compound ETH (cETH) market.
An hour ago, Proposal 117 was executed, which updated the price feed that Compound v2 uses.
This price feed, while audited by three auditors, contained an error that is causing transactions for ETH suppliers and borrowers to revert.https://t.co/a2DFk7h0ET
— Compound Labs (@compoundfinance) August 30, 2022
According to an August 30 Twitter thread, the bug made “transactions for ETH suppliers and borrowers revert.”
The team said that its users’ “funds are not immediately at risk” and added that its interface is currently not accessible due to the “price discrepancy.”
According to Compound Lab’s CEO Robert Leshner, users at liquidation risk can still add Ether collateral. He said:
“No users should be at risk of liquidation or at risk of losing funds.”
Proposal 117 was designed to update the oracle contracts on the lending protocol to a new version that uses Uniswap V3 instead of V2 for price feeds. GFX Labs proposed it on behalf of ChainLink.
The proposal was audited by OpenZeppelin, Dedaub, and ABDK, who all missed the bug.
The bug
An OpenZeppelin update revealed that the “getUnderlyingPrice” function caused the bug. It continued that the cETH market did not have this function as assumed by the oracle upgrade.
The function returns empty bytes whenever it is called, thereby reverting transactions.
OpenZeppelin wrote that:
“The primary issue right now is a temporary denial of service for the cETH market which will be resolved by the new governance proposal. No funds are at risk at this time. The rest of the cToken markets on Compound V2 and all of V3 remain functional.”
Proposal 119 to revert the upgrade
According to available information, GFX Labs submitted proposal 119 to revert the upgrade less than an hour after noticing the bug.
The proposal would be passed and executed after a seven-day governance process.
Meanwhile, the bug appears not to have had any immediate impact on the price performance of Compound’s COMP token. The token has been on a red candle run for the last 30 days. Its value declined by around 4% to trade at $48 over the previous 24 hours.
Mentioned in this article
Posted In: DeFi
Author 
Oluwapelumi Adejumo
Oluwapelumi values Bitcoin's potential. He imparts insights on a range of topics like DeFi, hacks, mining and culture, underlining transformative power.
In this article
Ethereum is a decentralized, open-source blockchain platform that enables the creation of smart contracts and decentralized applications (DApps).
Compound
$55.2998
Compound (COMP) is an ERC-20 asset that powers the community governance of the Compound protocol; COMP token-holders and their delegates debate, propose, and vote on changes to the protocol.
Chainlink
$13.9668
Chainlink is a decentralized oracle network that connects smart contracts on the blockchain to real-world data.
Compound
Compound is an open-source, autonomous protocol built for developers, to unlock a universe of new financial applications.
Robert Leshner is the founder and CEO of Compound, an open-source, autonomous protocol built for developers, to unlock a universe of new financial applications.
