Compound discovers bug in new update, freezes cETH market

DeFi protocol Compound (COMP) found a bug in governance proposal 117, which was designed to upgrade its price feeds, forcing it to temporarily freeze the Compound ETH (cETH) market.
An hour ago, Proposal 117 was executed, which updated the price feed that Compound v2 uses.
This price feed, while audited by three auditors, contained an error that’s causing transactions for ETH suppliers and borrowers to revert. https://t.co/a2DFk7h0ET
— Compound Labs (@compoundfinance) August 30, 2022
According to an August 30 Twitter thread, the bug made “transactions for ETH suppliers and borrowers revert.”
The team said that its users’ “funds are not immediately at risk” and added that its interface is currently not accessible because of the “price discrepancy.”
According to Compound Labs CEO Robert Leshner, users at liquidation risk can still add Ether collateral. He said:
“No users should be liable to liquidation or liable to losing funds.”
Proposal 117 was designed to update the oracle contracts on the lending protocol to a new version that uses Uniswap V3 instead of V2 for price feeds. GFX Labs proposed it on behalf of Chainlink.
The proposal was audited by OpenZeppelin, Dedaub, and ABDK, who all missed the bug.
The bug
An OpenZeppelin update revealed that the “getUnderlyingPrice” function caused the bug. It went on to say that the cETH market did not have this function, as the oracle upgrade had assumed.
The function returns empty bytes every time it’s called, thereby reverting transactions.
OpenZeppelin wrote that:
“The primary issue right now is a temporary denial of service for the cETH market which will be resolved by the new governance proposal. No funds are at risk currently. The rest of the cToken markets on Compound V2 and all of V3 remain functional.”
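The failure mode described in this section, as an added Python illustration that is not code from Compound, OpenZeppelin or the original article: an oracle assumes every market implements a function, one market answers with empty bytes, and strict decoding reverts. The `Market` class, the `assumedFn` selector, the fallback behaviour, the market names and the prices are constructed assumptions; `preflight` is a pre-upgrade check that flags such a market before the oracle goes live.

```python
# Toy model (constructed): every name here is hypothetical, not Compound's code.

class Revert(Exception):
    """Models an EVM revert, which unwinds the whole transaction."""

class Market:
    """Toy contract. Known selectors return 32-byte words; unknown selectors
    fall through to a fallback that succeeds and returns empty bytes (assumed)."""
    def __init__(self, name, functions):
        self.name = name
        self.functions = functions  # selector -> callable returning bytes

    def call(self, selector):
        handler = self.functions.get(selector)
        return handler() if handler else b""

def word(value):
    """Encode an integer as one 32-byte big-endian word."""
    return value.to_bytes(32, "big")

def decode_word(returndata):
    """Strict decode of one word: too-short return data reverts."""
    if len(returndata) < 32:
        raise Revert(f"expected 32 bytes of return data, got {len(returndata)}")
    return int.from_bytes(returndata[:32], "big")

def oracle_price(market, prices, selector="assumedFn"):
    """Oracle that assumes every market implements `selector`."""
    asset_id = decode_word(market.call(selector))
    return prices[asset_id]

def preflight(markets, selector="assumedFn"):
    """Pre-upgrade check: names of markets whose reply would not decode."""
    return [m.name for m in markets if len(m.call(selector)) < 32]

# Constructed sample data: one market implements the function, one does not.
TOKEN_MARKET = Market("cTOKEN-like", {"assumedFn": lambda: word(1)})
ETH_MARKET = Market("cETH-like", {})
PRICES = {1: 100}

if __name__ == "__main__":
    print("preflight flags:", preflight([TOKEN_MARKET, ETH_MARKET]))
    print("token price:", oracle_price(TOKEN_MARKET, PRICES))
    try:
        oracle_price(ETH_MARKET, PRICES)
    except Revert as exc:
        print("cETH-like market reverts:", exc)
```

Running the same check against every listed market in a fork or test deployment turns an assumption about a shared interface into a test that fails before the proposal executes.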
Proposal 119 to revert the upgrade
According to available information, GFX Labs submitted proposal 119 to revert the upgrade less than an hour after noticing the bug.
The proposal could be passed and executed after a seven-day governance process.
Meanwhile, the bug appears not to have had any immediate impact on the price performance of Compound’s COMP token. The token has been on a red candle run for the last 30 days. Its price declined by around 4% to trade at $48 over the previous 24 hours.