Compound v3

Lending

Compound is a decentralized lending protocol that allows users to earn interest on cryptocurrencies by depositing them into pooled liquidity markets which are algorithmically managed.

Chain
TVL
＄1.04m
Native token
COMP
View on CoinGecko
Protocol key links
Website Gitbook Twitter

Risk Rating

Low Risk

Assessment: 2024-06-20

Risk Assessment

Security History

Monitoring

Overall Score

87%

Safe

Assessor
Kop, Supergu
Assessment Date
2024-06-20

Not yet undergone Underwriting review

Compound demonstrates a robust and well-documented protocol architecture, supported by multiple positive audits from leading firms and has no serious unresolved issues. It incorporates a sophisticated risk management strategy with mechanisms like pause control and Chainlink oracles to safeguard operations. The system effectively mitigates common vulnerabilities such as inflation, flashloan, and reentrancy attacks. However, concerns exist around outdated test scripts, weak protections against malicious upgrades, and previous security breaches. Additionally, the concentration of $COMP tokens among a few holders could potentially undermine governance decentralization. Despite these issues, the overall assessment of Compound remains positive, bolstered by its experienced team and strong foundational structures.

Economic
Evaluate possible financial and economic risks depending on the project type (e.g., for lending, check the collateralization system), protection against CVEs (Common Vulnerabilities and exploits), oracle risks, and systemic concerns.

99%

Robust, battle-tested collateralization mechanism in place.

Utilizes Chainlink, a reliable oracle, with additional protective measures such as price checking and a fallback oracle.

Operation
Look into the team's experience, track record, and project governance. Consider legal and counterparty risks that may impact the project.

79%

Founding team is experienced with a strong background in the industry.

Comprehensive risk management implemented by Gauntlet.

Previous hack in 2021 resulted in approximately $160 million in losses.

Governance may be compromised with 85% of $COMP tokens held by the top 100 holders, affecting decentralization.

Technical
Understand the security of the app, code quality, and controls in place. Check how well it was developed, tested, and reviewed by third parties.

80%

Protocol's architecture and source code are well-documented.

Audits conducted by multiple reputable firms with no serious unresolved issues.

Existing test scripts are outdated, hindering verification of the coverage ratio.

Insufficient protections against malicious upgrades; the timelock period is only two days.