The decentralized finance protocol (DeFi) Compound (COMP) has paid out the equivalent of $80 million to several users in error. After analysis, a single character inaccuracy in the protocol is to blame for the generous gift.
Compound users win the jackpot
Compound (COMP) paid out the equivalent of $80 million to several users in error. The decentralized lending protocol reported a flaw in the distribution of liquidity mining rewards. One of the liquidity providers claims to have received the equivalent of $20 million in rewards.
Upon analysis, a single-character error in the protocol is to blame for this generous gift. Specifically, a “>” instead of a “>=” is to blame.
Compound acknowledged the vulnerability on its Twitter account and said that no user funds were at risk. Similarly, Compound founder Robert Leshner acknowledged the vulnerability in a tweet, saying “at worst only 280,000 COMP tokens at risk of being claimed in error.”
He also noted that there are no community controls or tools to disable COMP distribution. In fact, any changes to the protocol require a 7-day governance process before being released to production. Currently, the Compound team is evaluating potential steps to fix the COMP distribution. The proposal will likely be adopted on October 7, 2021.
A moral dilemma for users
Compound’s founder explained that the $80 million bug poses a “moral dilemma” for DeFi users.
If a decentralized finance protocol accidentally gave you millions of dollars in tokens, are you obligated to give them back? Robert Leshner argues that’s exactly what users should do. However, he explained:
“What makes it difficult is that I and our team are completely powerless. We just have to sit back and watch this moral dilemma unfold.”
The founder has offered to the people who will show good faith to keep 10% of the funds.