Showing posts with label Bug. Show all posts
Showing posts with label Bug. Show all posts

Compound (COMP) bug results in $90 million in unintended payouts

Protocol for staking After a faulty software update, Compound, the world's fifth-largest DeFi protocol, inadvertently dumped $90 million into users' hands. After a botched software update, users of COMP tokens were suddenly given $90 million in COMP tokens. Compound is a decentralized finance (DeFi) autonomous interest rate system that runs on top of a blockchain and utilizes self-executing smart contracts. Normally, users would lend their bitcoin to borrowers at a fixed interest rate, known as the Annual Percentage Yield (APY) (APY). As a result, the payment of $29 million in COMP tokens to one user and $70 million to another was much more than anticipated. Simultaneously, Compound's creator, Robert Leshner, pleaded for the COMP tokens' return, warning in a tweet that the business would make private information about its customers public, as well as reporting receivers to the Internal Revenue Service. Leshner subsequently apologized for the post.


Paying the IRS vs. paying the Compound Interest

According to Bitcoin creator Ben Carman, the business cannot recover its funds without rolling back the [block]chain, and no one is obligated by law to reimburse Compound. If users opt to retain 10% of the erroneously issued tokens and return the rest, they will essentially avoid having to declare the returned coins as income to the IRS. Should Compound disclose the tokens to the IRS, they would be liable to pay income tax on the whole token value at the time of receipt if they chose to retain all of them. A DeFi system called Alchemix recently had a similar setback, and the vast majority of users who got additional incentives by mistake returned them.

Alchemix, on the other hand, only lost $4.8 million, compared to Compound's $90 million loss. To Compound's credit, no borrowed or provided money were put at risk. It does, however, raise concerns about the possibility of a repeat occurrence.


Investors are becoming interested in the DeFi space.

headquartered in San Francisco Compound is one of many DeFi protocols that re-create conventional financial institutions using smart contracts on the blockchain. With a market capitalization of $9.65 billion, they received $25 million in Series A financing from venture capital company Andreessen Horowitz. Robert Leshner, the company's creator, is a former economist who was motivated to create Compound after seeing that the cryptocurrency industry was trapped in a zero-interest situation.

Share:

A bug in the Ethereum interface results in an inadvertent chain split and network chaos.

All hands are on deck to address a flaw in an older version of the Geth client, which is used by 75% of Ethereum nodes.

  • Because of a flaw in an older version of Geth, nodes running a newer version of Geth are writing to a different chain, resulting in a de-facto chain split.
  • Ethereum developers are concerned about the possibility of a double-spend attack.

A problem in the software that many nodes use to write data to the Ethereum network has caused a chain split in the protocol, with roughly 54 percent of Ethereum nodes now uploading data to a different parallel chain by accident.

Go Ethereum, or Geth, is a piece of software that acts as a bridge between miners, nodes, and dApps, as well as the Ethereum blockchain. It is by far the most popular software in this category, with over 75% of all Ethereum nodes in the globe using it.

The team provided a hotfix to address a vulnerability earlier this week, promising to release details on the bug after a sufficient number of node operators and projects had upgraded their backends.

According to Ethernodes.org, just 28 percent of Ethereum users and 46 percent of nodes (54 percent haven't upgraded) are running the new code — 1.10.8. Anything below this is at risk of being exploited (in the last hour nodes have begun to make the upgrades).

While many nodes and projects have yet to update, Ethernodes says that the vast majority of miners have done so. This means that the real, smaller Ethereum network — not the bug's erroneous network — has a secure hashrate and isn't vulnerable to a double spend attack (where the collective hashrate of one group overpowers the other and is able to reverse or alter transactions).

Still, many dApps and DeFi projects throughout the world are writing data to an incorrect chain that will need to be repaired later. While many dApps and nodes search for data on the split network, mining proceeds unabated on the main network.

This isn't the first time.

This isn't the first time that Geth vulnerabilities have disrupted the Ethereum network. In November 2020, a poor roll-out of a Geth update created a chain split for Ethereum, with many node operators failing to upgrade. Users temporarily interacted with multiple versions of the Ethereum blockchain as a result of the split, which resulted in data loss.

Many people questioned how decentralized Ethereum actually is after the November 2020 flaw, especially since a centralized bug can cause a large portion of its users to lose data and not communicate with the “real” chain.

Despite the fact that Ethereum is experiencing a significant technical issue, the price of ether appears to be unaffected, as it is still up 4.6 percent on the day at $3,243.76, according to CoinGecko.

Share:

Hot Topic

Elon Musk was told by Jack Dorsey that Twitter should include a "Like Signal" protocol.

Elon Musk wonders over possible variations of the social network in a string of text messages. Former CEO and co-founder of the birdsite Jac...

counter, at the bottom of the page, in a table, div or under a menu.