Compound's Drama and Governance Attacks 101

By Michael @ CryptoEQ | CryptoEQ | 30 Jul 2024

You are reading an excerpt from our free but shortened abridged report! While still packed with incredible research and data, for just $40/month you can upgrade to our FULL library of 60+ reports (including this one) and complete industry-leading analysis on the top crypto assets. 

67cbbf4723857b85c151585aa280e6d940346c501cef75bafd7dea02b44b24c9.png

Becoming a Premium member means enjoying all the perks of a Basic membership PLUS:

  • Full-length CORE Reports: More technical, in-depth research, actionable insights, and potential market alpha for serious crypto users
  • Early access to future CORE ratings: Being early is sometimes just as important as being right!
  • Premium Member CORE+ Reports: Coverage on the top issues pertaining to crypto users like bridge security, layer two solutions, DeFi plays, and more
  • CORE report Audio playback: Don’t want to read? No problem! Listen on the go.

 

Compound Governance 101

Compound aims to provide a trustless money market for the cryptocurrency ecosystem while eliminating the central points of failure and reliance on centralized companies that are standard in traditional finance. However, Compound initially began as a tokenless protocol until launching its own governance token in June 2020. This meant that the Compound team held unilateral power on any protocol changes or upgrades when it first came into existence during 2018.

Since then, the Compound team has taken several gradual steps to remove themselves from a position of authority. After a multi-year rollout, Compound is now fully controlled by COMP holders with no remaining privileges held by Compound Labs.

With the launch of the Compound (COMP) ERC-20 token, the Compound community became empowered over the governance of the Compound protocol. COMP token-holders and their delegates propose and vote on all changes to the protocol. For instance, in May 2021, COMP token holders approved a governance proposal to add TUSD and LINK as supported markets. Since then, the TUSD market has grown to $100M on Compound, while the LINK market has grown to ~$160M. 

The caveat within a DeFi project is that they are initially developed by companies, which means that full control over the smart contract development resides within the company, which in turn takes away from the decentralization aspect. Robert Leshner stated that the unilateral power, in the beginning, was intentional but temporary. Robert Leshner further delineates that Compound began with centralized control for security reasons, but over time, the power will fully be in the hands of the user community. The powers that will be transferred from a centralized point to a decentralized one are specifically mentioned in the Compound Whitepaper

  • The ability to list a new cToken market;
  • The ability to update the interest rate model per market; 
  • The ability to update the oracle address; 
  • The ability to withdraw the reserve of a cToken; and
  • The ability to choose a new admin, such as DAO controlled by the community; because this DAO can itself choose a new admin, the administration has the ability to evolve over time, based on the decisions of the stakeholder.

The Compound protocol has transformed into a permissionless and autonomous project with the use of COMP tokens.

Compound’s attempt to transition to a more decentralized system from top to bottom has been through the release of its governance token, COMP.  This allows holders of COMP to propose any protocol changes and vote on the implementation of new changes to the protocol without the administration of the Compound team. According to a Medium post by Leshner,  the COMP token also “allows the owner to delegate voting rights to the address of their choice: the owner’s wallet, another user, an application or a DeFi expert.” Any user with 1% of COMP tokens delegated to their address is able to propose a governance action.  This creates an autonomous process in which voters are just as valuable as the board of directors in a traditional corporation. 

In the Compound Whitepaper, Leshner and Hayes explain the downfalls and consequences of a centralized exchange like Bitfinex or Poloniex:

“Centralized exchanges (including Bitfinex, Poloniex...) allow customers to trade blockchain assets on margin, with “borrowing markets” built into the exchange. These are trust-based systems (you have to trust that the exchange won’t get hacked, abscond with your assets, or incorrectly close out your position), are limited to certain customer groups, and limited to a small number of (the most mainstream) assets. Finally, balances and positions are virtual; you can’t move a position on-chain, for example, to use borrowed Ether or tokens in a smart contract or ICO, making these facilities inaccessible to dApps.”

COMP token-holders can delegate their voting rights to themselves or an address of their choice. If an address is delegated with at least 65,000 COMP tokens, that address is able to create governance proposals. Once a governance proposal is created, voting lasts for three days and a consensus is achieved when the majority of COMP tokens within the voting proposal is reached (a minimum of 400,000 votes must be cast). At the end of the entire proposal process, a change to the Compound protocol takes seven or more days. This is a flowchart of how the procedure of proposals works on Compound: 

Compound governance flowchart Source: Compound Governance

Compound Governance "Attack"

The decentralized finance (DeFi) sector has witnessed significant turbulence, marked by aggressive maneuvers from influential market players. A notable figure in this space is the whale known as Humpy, whose strategic actions have had profound implications for governance and tokenomics within DeFi protocols. This article delves into the history and methodology of Humpy's interventions, examining their impact on Balancer and Compound, and offering insights into the broader implications for DeFi governance models.

Humpy’s Initial Foray: The Balancer Governance Attack

During the DeFi Summer of 2022, Humpy executed a sophisticated governance attack on Balancer. By acquiring a substantial amount of BAL governance tokens and leveraging Balancer’s veBAL mechanism, Humpy gained significant control over BAL's incentive distributions to liquidity pools. This maneuver effectively positioned Humpy as the second-largest BAL token holder, trailing only the official team.

Understanding the veBAL Mechanism

The veBAL mechanism, inspired by Curve’s veCRV model, aimed to bolster Balancer’s tokenomics by allocating liquidity incentives through governance voting. Participants who locked their BAL tokens for extended periods could vote on the distribution of these incentives, thereby reducing the circulating supply and theoretically increasing the token's market cap. This design intended to stimulate community engagement and enhance the governance token’s value.

However, this system contained a critical flaw: it did not restrict the types of liquidity pools eligible for incentives, allowing any pool with sufficient votes to receive rewards, irrespective of its trading volume. This loophole created an opportunity for strategic exploitation.

Humpy’s Strategic Exploitation

Humpy's strategy involved two primary tactics. First, they gained control over a specific liquidity pool, ensuring the majority of rewards during liquidity mining. Second, they amassed a large number of BAL tokens, staked them to acquire veBAL, and voted for their liquidity pool to secure the majority of BAL allocations. This strategy enabled Humpy to dominate the protocol without contributing to its trading volume or transaction fees, highlighting a conflict between whale interests and the protocol's long-term development.

In response to Humpy’s aggressive tactics, Balancer's official team introduced countermeasures, including restricting eligible pools for liquidity incentives and setting limits on reward allocations. Despite these efforts, a settlement was eventually reached, allowing Humpy to maintain significant influence over Balancer, as evidenced by their status as the second-largest BAL holder.

Humpy’s New Target: Compound

After a two-year hiatus, Humpy shifted focus to Compound, another established DeFi protocol. This time, the strategy revolved around the governance rights associated with idle COMP in the Compound Treasury. Humpy leveraged a project called Golden Boys, which issued an ERC-20 token, $GOLD, and created a new Vault product, goldCOMP Vault. This allowed users to stake COMP, relinquish governance rights to Golden Boys, and receive $GOLD as liquidity incentives.

In May of the current year, Golden Boys proposed transferring 5% of the COMP controlled by the Compound Treasury to their multi-signature wallet, intending to stake it in the goldCOMP Vault. This proposal faced significant opposition and failed. However, Golden Boys persisted, refining their proposals and engaging with the community.

The third proposal, significantly increasing the requested COMP amount to 499,000, narrowly passed, allowing Humpy to gain substantial governance control over Compound. This development shocked the community and underscored the effectiveness of Humpy's strategic planning.

Implications and Future Considerations

The success of Humpy's maneuvers in both Balancer and Compound underscores the need for DeFi protocols to re-evaluate their governance models. The vulnerability of existing systems to such strategic exploits highlights a critical area for improvement to safeguard long-term development and community interests.

General DAO Governance Risk

Decentralized Autonomous Organizations (DAOs) represent a pioneering governance structure within the decentralized finance (DeFi) space, blending smart contracts with central intermediaries to manage risk parameters. This hybrid approach has enabled early lending platforms to attract users and increase Total Value Locked (TVL), but it also presents significant challenges, particularly in scaling within a semi-decentralized context.

Proponents of the central governance model argue that it allows DAOs to appoint specialists who can monitor on-chain activities and manage risk parameters, tasks that ordinary community members might not be equipped to handle. These specialists adjust key metrics such as Loan-to-Value (LTV) ratios in response to market conditions. This centralized oversight helps maintain a cohesive liquidity pool and offers users a “hands-off” experience, trusting the specialists with the management of their deposits. In adverse market conditions, it is the responsibility of these specialists and the DAO to adapt protocol parameters to better align with the evolving environment.

However, this model is not without its drawbacks. DAOs face similar operational, cyber, and human risks as traditional organizations. Smart contract-powered governance systems share the same vulnerabilities as the protocols they govern, evidenced by historical exploits resulting in substantial financial losses. Additionally, DAOs are not immune to internal politics, which can mirror those of conventional entities. These political dynamics create barriers to entry for newcomers and contribute to governance bottlenecks, impeding the DAO’s ability to make efficient capital allocation decisions and limiting market scalability.

In summary, while the central governance model within DAOs offers significant advantages in risk management and operational efficiency, it also inherits substantial risks and challenges. Balancing these aspects is crucial for the sustainable growth and scalability of DeFi platforms.

Cryptocurrency Crypto News DeFi Aave (AAVE) Compound Finance (COMP)

How do you rate this article?

28
Michael @ CryptoEQ
Michael @ CryptoEQ

I am a Co-Founder and Lead Analyst at CryptoEQ. Gain the market insights you need to grow your cryptocurrency portfolio. Our team's supportive and interactive approach helps you refine your crypto investing and trading strategies.

CryptoEQ
CryptoEQ

Gain the market insights you need to grow your cryptocurrency portfolio. Our team's supportive and interactive approach helps you refine your crypto investing and trading strategies.

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.
Raw, Random & Real: Black & White Glimpses of My World Raw, Random & Real: Black & White Glimpses of My World
Bhatt_G

Bhatt_G

13 hours ago
2 minute read

Big Changes are Coming to Publish0x... Let's Stable Up! + A Notice on Inactive Accounts Big Changes are Coming to Publish0x... Let's Stable Up! + A Notice on Inactive Accounts
Publish0x PRs

Publish0x PRs

8 Jul 2025
2 minute read

Is Your Bitcoin Safe? Hackers Have Stolen Over $8 Billion. Is Your Bitcoin Safe? Hackers Have Stolen Over $8 Billion.
Talha.Khalid

Talha.Khalid

3 hours ago
1 minute read