A bug in a recent update of the decentralized finance platform Compound sent users nearly $90 million worth of cryptocurrency in error, leaving its creator’s CEO begging users to voluntarily send it back.
The glitch is a black eye for cryptocurrency platforms hoping to upend the traditional finance system. DeFi platforms don’t have banks or other middlemen administering funds, instead relying on “smart contracts” struck between users that are governed completely by computer code. Proponents say DeFi is more egalitarian in cutting out traditional firms, often using the mantra “Code is law” to emphasize that computer code, rather than fallible humans, governs the system.
But critics note that when the code has contained mistakes, it’s led to disasters for users.
“There are reasons to criticize the existing banking system, but there are a lot of safeguards in place to prevent these kinds of things from happening,” said Andrew Park, a senior policy analyst for Americans for Financial Reform, an investor advocacy group that’s been a critic of many crypto projects. “If I have my money in Compound, how much faith am I going to have in that system now?”
The Compound mistake is just the latest high-profile error. A closely watched crypto project
This week’s fiasco occurred on Compound, one of several DeFi platforms that allow users to lend out cryptocurrencies and earn interest. Unlike similar platforms run by companies such as BlockFi, Compound isn’t run by a central company but rather by a distributed network of users utilizing smart contracts. Compound also distributes a token, called COMP, that gives users a say in how the protocol works and whose price on Friday was about $319 per coin.
The trouble started Wednesday, when users approved an update to Compound’s platform that contained a bug. Compound Labs Chief Executive Robert Leshner on Twitter
A few hours ago, Proposal 62 went into effect, updating the Comptroller contract, which distributes COMP to users of the protocol.
The new Comptroller contract contains a bug, causing some users to receive far too much COMP.
Leshner
After Compound users claimed the erroneous tokens, Leshner on Twitter
“Open source, decentralized protocols are early & hard. But every hiccup leads to a more anti-fragile system,” Leshner