The vulnerability is due to an error in the protocol agreement that incorrectly distributed over $80 million worth of COMP to compound finance users.
Compound (COMP) tokens worth about $162 million threatened to be withdrawn from the reward reservoir of the decentralized financial platform (DeFi) due to a faulty contract.
The error resulted from a call to the “DRIP function”, where malicious actors could exploit the vulnerability to siphon off thousands of COMP tOkens.
The Compound protocol adds 0.50 COMP to the reservoir contract on each block, but an error caused thousands of tokens to be sent at once.
According to Compound founder Robert Leshner, the drip function had not been called for weeks, and the developers hoped that the next call would be for changes to the protocol that would effectively prevent such exploits.
Over 202,000 COMP were released after calling the drip feature, with 490,000 COMP tOkens at risk, according to Leshner on October 3 in a Tweet shared.
According to the COMP/USD exchange rate at the time of the exploit, there was a risk that tokens worth almost $ 162 million would drain from the reservoir.
Although about 117,000 COMP tOkens were returned to the community after the initial error, there is still a risk of 136,000 tokens being claimed by clever users. DeFi developer Banteg found early Monday morning that four users had managed to take $21.5 million out of the liquidity reward pool, while five others were able to take advantage of the flaw to get COMP worth over $45 million.
The COMP price has fallen 5% in the last 24 hours and is now trading at around $320 after falling on the news of the hack. While the bulls are trying to recapture the daily highs of $341, the possibility of price falling back to support around $310 remains high.
The COMP/USD traded up to $367 over the weekend.