A recent proposal passed by the decentralized lending protocol, Compound Finance, has raised concerns about a potential governance attack.
A recent proposal passed by decentralized lending protocol Compound Finance has raised concerns among community members about a potential governance attack.
According to these members, a small group of token holders managed to push through the proposal by amassing large numbers of tokens in the open market.
The proposal in question (289) involves allocating 5% of Compound's treasury — roughly 499,000 COMP tokens, currently valued at $24 million — to a yield-bearing protocol designed by a group known as the "Golden Boys" for one year.
Voting for the proposal began on Thursday at 11:40 p.m. and concluded over the weekend. By July 28, the proposal had narrowly passed with a vote tally of 682,191 in favor and 633,636 against.
However, several community members have expressed their concerns, suggesting that the Golden Boys conducted a governance attack.
Michael Lewellen, a security solutions architect at OpenZeppelin and security advisor for Compound Finance, highlighted suspicious activities involving several accounts acquiring COMP tokens and proposing to divert COMP holdings towards the goldCOMP product.
Lewellen expressed his concerns on the Compound governance message board, stating:
"In my personal opinion, the actions of @Humpy and the Golden Boys can be considered a governance attack if they persist in their attempts to take funds from the protocol in clear opposition to the will of all other Compound DAO delegates."
Following the approval of Proposal 289, Humpy, the apparent leader of the Golden Boys, defended the proposal against Lewellen's accusations.
"‘Steal funds’ is a wrongful and misleading phrase, especially coming from the Compound’s risk specialist," he stated. "Requested investment goes through a Trust Setup with a constraint set of actions that don’t permit stealing/diverting of funds.”
However, there appears to be internal discord within the Golden Boys. At least one of the multisig members, Ogle, claimed to be unaware of the proposal, despite being a part of the multisig for quite some time.
"I'm a multisig member for the Golden Boys, but I was not aware of this proposal and did not participate in the vote," Ogle wrote.
Concerns Over Trust Setup
Another governance account within Compound, Wintermute, previously raised concerns about the efficacy of the 'Trust Setup' in preventing the diversion of funds.
"The Trust Setup prevents any withdrawal actions except by GoldenBoyzMultisig," they pointed out. "This means that the DAO will not be able to recall these funds at their own discretion and will instead have to vote to initiate a PHASE update and rely on the multisig to perform the relevant divestment."
The above is the detailed content of Proposal 289 Controversy: Allegations of a Governance Attack Surface at Compound Finance. For more information, please follow other related articles on the PHP Chinese website!