As the decentralized finance (DeFi) market continues to attract the interest of investors around the world, several incidents have drawn attention to the vulnerabilities that platforms operating in this space constantly face.
For example, it was recently revealed that the popular DeFi cryptocurrency market Compound exposed approximately $150 million worth of its native COMP tokens to the risk of being hacked by a third party due to a faulty system upgrade.
Although the bug was spotted fairly early and Compound’s developers filed a fix for the protocol shortly afterwards, upgrades are time-locked for seven days, so no fix for the protocol could be released until October 7th. The fix proposal has been successfully adopted and is due to be implemented on October 9th, but that may not be the end of this story.
After the bug was discovered, Compound founder Robert Leshner took to Twitter and admitted that approximately $64 million worth of COMP, valued at press time, was at risk as the exchange’s “drip” function was working again for the first time in more than 60 days. The drip function was developed to release the tokens held in Compound’s reservoir to users, with 0.5 COMP accruing through the reservoir per block.
After the incident, Leshner noted that the majority of all COMP tokens in existence today, currently “reserved for users,” are held in the platform’s reservoir system mentioned above. This revelation could have played a big role in reducing the value of COMP, with the price quickly dropping from $330 to $286 after the initial flaw was identified, only to rebound sharply afterward, according to the report Pro.
However, the token has been steadily declining since October 3, with the digital asset’s value falling from a price of around $350, increasing its 30-day loss to a staggering 40% from a local high of around $525.
When asked how serious the problem is and what he thinks could happen to the platform’s native assets in the next few days, Leshner told Cointelegraph that everything had been “fully” mentioned, and he therefore declined to comment further on the matter.
The DeFi community has a voice
To get a better idea of what this incident means for the crypto ecosystem as a whole, Cointelegraph reached out to Winston, a pseudonymous moderator for the DeFi yield-farming aggregator Harvest Finance. In their view, while the community has for the most part been fairly honest about returning the majority of the funds, it is not always possible to rely on underwriting platforms.
He added, “There is no doubt that this bug could have been better resolved by the team, but it also shows that these ‘security features’ can sometimes hinder rather than support a project.” Winston went on to say that he hopes lessons will be learned from this:
“Many protocols will investigate the benefits of a shorter lockout time, not only to prevent such things, but to make them more flexible and faster.”
SushiSwap developer Mudit Gupta has criticized Compound’s use of time locks for administrative purposes, claiming that only about 100 people have been aware of the Drip threat since it was launched; the bug was discovered on September 30th, and no action has been taken since then because of the time delay function.
Gupta went on to warn DeFi users of the various risks associated with upgradeable smart contracts, stating that by their own design they are by no means “great [DeFi] primitives.” He also sees “upgradeability more as a bug than a feature.”
That being said, it’s worth noting that SushiSwap also recently suffered a $3 million hack in which a nefarious third party compromised the supply chain of the platform’s MISO token launchpad. In addition, reports surfaced at the end of September of a hacker identifying a vulnerability that could have compromised over $1 billion in user funds held by SushiSwap.
Technical errors are not new
George Harrap, co-founder of the Solana-based portfolio visualization platform Step Finance, told Cointelegraph that crypto bugs, exploits and hacks are not really new in this area, adding that such cases are only part of an industry where everything is digitized.
Also in a tweet, Leshner issued a strong warning to recipients of the erroneous tokens, stating that any unlawful redemption could have real-world repercussions, primarily in the form of action taken by the United States Internal Revenue Service (IRS). In this regard, Harrap said:
“The reaction of the founder of Compound is more interesting than the mistake; he threatened to dox users. This is not a prime example of DeFi, and I think this is a reason for many to reconsider their involvement in Compound.”
Offering an alternative view of the problem, Rotem Yakir, DeFi developer at Orbs, a public blockchain infrastructure designed to be tightly integrated with Ethereum Virtual Machine (EVM)-based layers, told Cointelegraph that the Compound story is an important reminder of the disadvantages of being a completely decentralized platform, though the statement was not elaborated any further. However, he added:
“Comp is one of the most prominent projects in the DeFi space and while this can hurt, it won’t kill them and they will eventually get stronger.”
It’s worth noting that despite Leshner’s tweets claiming that around 117,000 COMP, valued at $37.6 million, were returned to the protocol after the first bug was discovered, Yearn.finance developer banteg noted that a third of the funds compromised by the drip function were claimed by users on Sunday around 3:30 p.m. UTC.
According to banteg’s estimates, the total value of COMP tokens compromised as a result of this bug is now a whopping $147 million.
With all of this data now open to everyone, the incident has the potential to set a precedent for how such incidents can develop in the DeFi ecosystem. DeFi enthusiasts hope that the situation will be resolved, especially after the votes on the proposed solution are successful, with the lost assets hopefully returning to their rightful places.