Decentralized lending platform Compound was interrupted by a code bug in a recent governance proposal for its price feed update.
The code bug “temporarily froze” the Compound ETH (cETH) market, causing cETH transactions to revert. Faced with this incident, Compound Labs stated that although the user interface does not work, customer assets will not be in danger.
Compound Labs announced on August 31 that this code bug came from Proposal 117: Compound Oracle Upgrade v3. The proposal was implemented a few hours ago to update oracle contracts on the Compound protocol to a new version that uses Uniswap V3 instead of V2 for the price feed.
An hour ago, Proposal 117 was executed, which updated the price feed that Compound v2 uses.
This price feed, while audited by three auditors, contained an error that is causing transactions for ETH suppliers and borrowers to revert.https://t.co/a2DFk7h0ET
— Compound Labs (@compoundfinance) August 30, 2022
In response to the temporary cETH market freeze, Compound Labs said it restored the previous price feed through Proposition 119: Update Oracle. The new proposal was created less than an hour after Proposition 117 crashed, however, it now needs to go through a seven-day regulatory process before going into effect.
According to an update from OpenZeppelin security technician Michael Lewellen, the code error came from the “getUnderlyingPrice” function, which did not update the price of the cETH token, which would return empty bytes and cause the call to be reverted.
Read the following post for details on a Compound incident we are working to resolve for the cETH market. A fix is already underway and no funds are at risk at this time. The rest of the cToken markets on Compound V2 and all of V3 remain functional.https://t.co/CiSE3a99Wa
— OpenZeppelin (@OpenZeppelin) August 30, 2022
Lewellen also reaffirmed that no fund is at risk:
“The main issue now is that the temporary denial of service to the CETH market will be addressed by the new governance proposal. No funds are at risk at the moment. The rest of cToken on Compound V2 and V3 still works. ”
However, Lewellen added that “any user who has deposited ETH and received cETH to open loan positions must be aware that they may be immediately liquidated whenever a remediation proposal is implemented if at that time the price of ETH drops significantly.”
But Compound Labs CEO Robert Leshner also added that users can still pay any debt and add collateral to avoid liquidation.
Compound Labs noted that the code bug occurred even though Oracle contracts were audited from three separate smart contract auditing firms, including OpenZeppelin and ChainSecurity, which recently audited Compound’s smart contracts.
Proposal 117 itself is not a controversial proposal, with a total of 696,665 votes from 245 different wallet addresses in favor of upgrading the price feed. Cryptocurrency investment firm Polychain Capital voted the most with 306,146 votes in favor of the proposal.
According to DeFi Llama, Compound is the third largest decentralized lending platform, with a total value of $2.67 billion locked down (TVL). This issue has not affected the Compound token, which is currently priced at $48.27.