Compound Labs announced that it had suspended its Compound Ether (cETH) market after a bug in a recent proposal that caused transactions for ETH suppliers and borrowers to revert.
Compound Labs has announced that it has suspended its Compound Ether (cETH) market after a bug in a recent proposal-caused issue with the price feed. Compound noted that, although the contract had been audited by three auditors, it contained an error that caused transactions for ETH suppliers and borrowers to revert.
Proposal 117 focused on setting a new price oracle, which was proposed by GFX Labs on behalf of Chainlink. It asked for an upgrade of the protocol’s oracle contract to v3, switching the anchor market from Uniswap v2 to v3. It was passed unanimously, with no votes against it.
The team said that the cETH market would be frozen until proposal 119 comes into effect. The latter reverts the price feed to the previous one. However, this will take seven days to come into effect, but Compound Labs notes that funds are not immediately at risk.
They also said on Aug. 31 that users should still be able to add collateral, including Ether. Any issues with the interface should be sorted out shortly.
OpenZeppelin Security Solutions Architect Michael Lewellen said that the bug was a result of the getUnderlyingPrice function. He said that the price of cETH tokens was not updated, returning empty bytes and resulting in a revert.
cETH is a token that is used for yield farming. When users lend their ETH to the pool, they receive cETH in return, which represents their investment.
Despite the incident, the cETH token does not appear to have taken a hit in terms of price. cETH has actually risen slightly in the past 24 hours, up 1.7% to $32.26. Meanwhile, the COMP token has gone down slightly by 2.7% to $48.85 — but largely unaffected.
The COMP token took a brief dip in the past 24 hours, going down to $46.48 around the time the news of the bug broke. All things considered, it has been mostly stable.
This is not the first time that Compound Finance has been hit by a bug. In October 2021, a “one-letter software bug” resulted in $90 million being accidentally paid out. No funds were at risk during the incident.
Disclaimer
All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.