Several risks to be paid attention to when depositing interest on Compound

Author: Ameen Soleimani

Translation & Proofreading: Aisling & Ajian

Source: Ethereum fans

You may have heard of the blockchain startup Complex. They created based on Ethereum, where individuals can lend their ETH, DAI, USDC and some other ERC20 digital assets to earn interest.

Today, the interest rate offered to DAI lenders is 10%, which is high enough to turn EthHeads' heads (see cover photo).

Today, the interest rate of the DAI lender is 10%, which is enough for the ETH holder to look at it (as shown in the cover image).

As the CEO of SpankChain, it is my responsibility to manage the company's reserves including nearly 500,000 DAI. If we don't put our DAI on the Compound platform, we will lose nearly $4,000 per month at 10% per annum. This is a considerable opportunity cost. But the investment needs to keep in mind: there is no free lunch in the world. All investments are risky, and lending on the Compound platform is no exception.

Last month, I spent some time evaluating several types of risks that existed through the Compound platform lending:

  1. Smart contract security risk
  2. Centralized single point of failure
  3. Bank run risk

I have divided the survey into the following categories, but the most important thing to understand first is:

  1. Smart contract security is almost completely fine.
  2. Compound is a managed system, and if the private key of the lending pool administrator leaks, all assets in the lending pool will be stolen.
  3. Loaning on Compound does not guarantee that assets can be withdrawn at any time . If you try to withdraw your assets, but all assets are locked in the outstanding loan at the time, your withdrawal transaction will fail.

– I hope these investors can understand these risks… Source: –

Contract security


Several well-known smart contract security companies have audited Compound.
  1. OpenZeppelin Audit Report
  2. Trail of Bits Audit Report
  3. Certora Audit Report

In addition, Compound also offers a $250,000 discount for serious vulnerabilities (a bounty of 1% of stolen funds or 10% of frozen funds). As far as I know, no independent security researchers have obtained this. Pen bounty.

The contract holds assets of at least $20 million for at least six months, more than $50 million for at least two months, and currently holds more than $100 million in assets under the contract. For me personally, the most important indicator of contract security is the contract holding total assets × contract time to save assets. So far, the safety of Compound has been proved by a large number of public assets.

Based on the above factors, I currently think that the Compound Smart Contract is safe.

Centralized single point of failure


Since I am not a smart contract security expert myself, I am asking for help from Samczsun – Samczsun is known for discovering a key bug in the 0x contract (when the 0x contract has been reviewed by top companies), he also Received $100,000 in compensation. Regarding Compound's centralized single point of failure (the focus of my attention), he provided the following report:

Compound v2 has four different management functions, which are assumed by three addresses:

  • There is one administrator for each cToken. Currently, all cToken administrators are set to 0x8B8592E9570E96166336603a1b4bd1E8Db20fa20
  • Each cToken has an instructor (comptroller) that is currently set to 0x3d9819210A31b4961b30EF54bE2aeD79B9c9Cd3B. Unitroller also has an administrator, currently set to 0x8B8592E9570E96166336603a1b4bd1E8Db20fa20
  • The current price oracle has an anchor manager and a poster, set to 0xF06e41aDD8A7E7A8aD81a07C0ACA291E4573ca50 and 0x3c6809319201b978D821190Ba03fA19A3523BD96, respectively.

As long as you get a cToken administrator, an attacker can replace the Ombudsman implementation and then do one or more of the following:

  • Return false via the transferAllowed function to prevent the transfer of existing cTokens
  • Return true by transferAllowed function to transfer cTokens as collateral
  • Return false via the mintAllowed function to prevent new cTokens from being generated
  • Return false via redeemAllowed function to prevent redemption of existing cTokens
  • Return false by repayBorrowAllowed function to prevent repayment of existing loans
  • Return false by liquidateBorrowAllowed function to prevent clearing loan
  • Return true by the seizeAllowed function to steal user cTokens
  • Return false by the borrowAllowed function to prevent borrowing of the underlying asset
  • Draw all the underlying assets by returning true with the borrowAllowed function

With the administrator of cToken, the attacker can also replace the interest rate model to achieve:

  • Increase borrowing costs (ie block interest rate) to 0.0005% / block
If you can get the administrator of the Unitroller agent, the attacker can:
  • For all cTokens using Unitroller (currently 100%), replace the Unitroller with the same attack as replacing the cToken ombudsman
  • Get more tokens during liquidation by changing the clearing incentives
  • CTokens lending at a lower price than the actual price by changing the price oracle (eg ETH, WBTC, etc.)
  • By changing the pledge information of a cToken, combined with the ability to add a cToken and change the price oracle, an attacker can make a mortgage through the tokens they create, stealing the entire assets of the system.

If you can get the anchor administrator of the price oracle, the attacker can:

  • Make the price of an asset deviate from 10% of its real price
If you can get the poster qualification of the price oracle, the attacker can:
  • Every hour makes the asset price deviate from 10% of its stored value
If both the administrator and the poster qualification for the price oracle are available, the attacker can:
  • Set asset price to any value

Summarize the report of Samczsun: The Compound contract is designed to be properly upgraded by a central administrator. The most important contract is the proxy contract, which points to the logical contract address that contains the logical implementation, and the administrator has the right to modify the address pointer at will. Since all cTokens use the same administrator, if the administrator private key is compromised, all assets pledged in Compound can be easily stolen.

Some of the more awkward attacks are also mentioned in Sam's report, if an attacker has such an opportunity – it can take away all the money faster than implementing a more complex attack.
OpenZeppelin has effectively summarized them in their Compound audit profile.

However, a malicious administrator or an administrator who has stolen a private key has the ability to freeze the market, review transactions, and even steal all assets from the system. Similarly, controlling the asset price predictor can steal most of the system even if it cannot steal all of the system's assets. Currently, all real-time market administrators are the same external account.

But interestingly, the Trail of Bits team did not mention this in any related materials. In addition, Compound's FAQ underestimates administrator privileges and does not provide any warning that administrators may steal all assets:

The developer of the agreement, Compound Lab, Inc., currently controls the Ethereum address: 0x8b8592e9570e96166336603a1b4bd1e8db20fa20, which is the administrator address. The administrator address has the right to add new assets, update the price oracle, update the interest rate model, and update the protocol risk model.

Another thing to note is that the current managed settings of the Compound itself do not cause the system to be unsafe. They will try to maintain administrator key security, and it is very likely (hopefully) that they are working with the best hosting providers that are available for $8.2 million in seed round financing. But there is no doubt that I will take this into consideration when deciding to deposit 500,000 DAIs.

Bank run risk

The tweet of Dharma's COO before the competitive lending platform opened the door to the new world and made me understand the bank run risk of platforms like Compound.

The utilization shown in the above tweet is as high as 98.62%, which means that at the time, 98.62% of the DAI stored by the lender has been lent. Only 1.38% of the DAI can be taken out, so at that time, only a small percentage of the lenders could reclaim their deposited DAI as they wish.

If enough DAI creditors (cDAI holders) want to reclaim the DAI they deposit at the same time, their withdrawal operation will exhaust all available DAI and increase DAI utilization to 100%, thus preventing Further withdrawal operations. The lender who tries to withdraw will only see the transaction fail, and has to wait until more borrowers return the loan before making a withdrawal.

People will be concerned about the possibility of cDAI withdrawal cards, and their concerns may be self-fulfilling. That is to say, when a part of the cDAI holder tries to take out all the DAIs it has deposited at one time, a bank run will likely happen because many cDAI holders are worried about this.

The lender who is caught in the cDAI bank run can choose to wait for the DAI and then sell the cDAI to get the DAI, but this will incur a fee, and if many other lenders are also selling cDAI, the price may be even more difference. If the lender chooses to wait for the crisis to end and continue to hold cDAI, they will still be able to enjoy the interest earned on the loan during this period.

How does Compound solve this problem?

The Compound team handles this flow risk directly, and they are described in the white paper:

The agreement does not guarantee liquidity; instead, it relies on an interest rate model to motivate. In periods of extremely high demand for assets, the liquidity of the agreement (the tokens that can be used for withdrawals or lending) will decrease; in this case, interest rates will rise, stimulating supply and curbing lending.

Compound determines the borrower's interest rate for each cToken based on the cToken-specific “interest rate contract”. The contract currently implements the interest rate model for cDAI. The formula is: Borrower Annual Interest Rate = Base Rate + (Multiplier * Utilization)

For cDAI, the base rate = 5% and the multiplier = 15% (these values ​​are hardcoded into the contract). When the utilization rate is 100%, the interest paid by the borrower is 20%. This means that when the DAI utilization is maximized, the borrower's capital cost is only 20% – so if they believe that ETH (loan collateral) will increase by more than 20% this year, they have no incentive to repay the loan. This may cause many cDAI holders to continue to hold cDA for a long time.

The only tool that Compound can handle this problem is to use the centralized administrator to upgrade the interest rate model, which is the solution they used when the utilization rate rose to 99% six weeks ago (in the same period as the tweets cited above).

In summary, when the utilization rate reaches the maximum, there is a liquidity crisis and an imminent bank run risk. The only thing the lender can do is to hope that Compound can update the administrator's privilege and increase the interest rate, thus encouraging the borrower to repay the loan and further increase the desire. The liquidity required by the lender to exit.



Protocols like Compound maintain a delicate balance between centralization and decentralization, and it needs to weigh the ability to quickly upgrade and the centralized single point of failure that must be introduced.

I don't think that Compound chooses the way to centralize its products is wrong (because this method is obviously effective, otherwise I will not write this article), but I really hope that the smart contract contains 10 million to 100 million Projects in the US dollar can be carried out to the highest standards, especially in communicating risks and warnings to users.

Basically, we should support and encourage the project to do the opposite of Robert Leshner (the CEO of Compound):

Centralization may be technically correct, but we all know that there are many ways to compromise administrators…

Now I still don't think about whether I want to store my managed DAI in the Compound. Maybe I will try water with 100,000 DAI first? What will happen? In Compound We Trust!

Thanks to Eva Beylin for feedback and editing! (Finish)

Original link:


Author: Ameen Soleimani

Translation & Proofreading: Aisling & Ajian