Compound v3

Lending

Compound is a decentralized lending protocol that allows users to earn interest on cryptocurrencies by depositing them into pooled liquidity markets which are algorithmically managed.


Risk Rating

Low Risk
Assessment: 2024-06-20
Risk Assessment
Security History
Monitoring

Overall Score

87%
Safe
  • Assessor
    Kop, Supergu
  • Assessment Date
    2024-06-20
Not yet undergone Underwriting review

Compound demonstrates a robust and well-documented protocol architecture, supported by multiple positive audits from leading firms and has no serious unresolved issues. It incorporates a sophisticated risk management strategy with mechanisms like pause control and Chainlink oracles to safeguard operations. The system effectively mitigates common vulnerabilities such as inflation, flashloan, and reentrancy attacks. However, concerns exist around outdated test scripts, weak protections against malicious upgrades, and previous security breaches. Additionally, the concentration of $COMP tokens among a few holders could potentially undermine governance decentralization. Despite these issues, the overall assessment of Compound remains positive, bolstered by its experienced team and strong foundational structures.

Economic

99%
Robust, battle-tested collateralization mechanism in place.
Utilizes Chainlink, a reliable oracle, with additional protective measures such as price checking and a fallback oracle.

Operation

79%
Founding team is experienced with a strong background in the industry.
Comprehensive risk management implemented by Gauntlet.
Previous hack in 2021 resulted in approximately $160 million in losses.
Governance may be compromised with 85% of $COMP tokens held by the top 100 holders, affecting decentralization.

Technical

80%
Protocol's architecture and source code are well-documented.
Audits conducted by multiple reputable firms with no serious unresolved issues.
Existing test scripts are outdated, hindering verification of the coverage ratio.
Insufficient protections against malicious upgrades; the timelock period is only two days.