Decentralized lending platform Compound has been plagued by a code bug in a recent governance proposal to update its price feeds.
The code error has “temporarily frozen” the Compound ETH (cETH) market, causing cETH transactions to revert, but Compound Labs stated that despite the front end not working, “funds are not immediately at risk.”
Compound Labs announced on Aug. 31 that the code bug came from Proposal 117: Compound Oracle Upgrade v3, which was implemented a couple of hours ago to update the oracle contracts on the Compound protocol to a new version that uses Uniswap V3 instead of V2 for price feeds.
An hour ago, Proposal 117 was executed, which updated the price feed that Compound v2 uses.This price feed, while audited by three auditors, contained an error that is causing transactions for ETH suppliers and borrowers to revert.https://t.co/a2DFk7h0ET
In response to the cETH market temporarily freezing, Compound Labs said it aimed to revert to the previous price feed via Proposal 119: Oracle Update. The new proposal was created less than one hour after Proposal 117 had been executed, however it now needs to go through seven-day governance process before taking effect.
According to an update from Security Solutions Architect Michael Lewellen of OpenZeppelin, the code bug came from the “getUnderlyingPrice” function, which did not update the price of cETH tokens, which would return empty bytes and cause the call to be reverted.
Read the following post for details on a Compound incident we are working to resolve for the cETH market. A fix is already underway and no funds are at risk at this time. The rest of the cToken markets on Compound V2 and all of V3 remain functional.https://t.co/CiSE3a99Wa
Lewellen also reaffirmed
Read more on cointelegraph.com