
An in-depth analysis of the details and purpose behind the Compound governance attack: The giant whale regains control of the established DeFi

PHPz
Release: 2024-07-31 02:02:52

Abstract: With the end of last weekend's Bitcoin Conference, details of the conference continue to come out. They are basically not much different from my previous judgment, such as Trump's energy policy strategy to please Bitcoin enthusiasts, and his exaggeration of some changes in official attitudes, specifically the rhetoric of the so-called strategic reserve, to highlight its value as a commodity. What I didn't expect was that his speech would turn into a typical "Trump-style" campaign rally. He likes to use opinions and information without logical argument to attack his opponents, which is unavoidable. It remains to be seen whether some of the promises he has made are true. But this matter is basically settled, so I paid attention to some other events and saw a very interesting piece of information: Compound suffered a governance attack. Because I have been working in DeFi for a long time, I was very interested in this information, so I did an in-depth study of the whole story behind it and dismantled the implementation details to share with you. In general, the governance attack encountered by Compound is a DeFi whale trying, through governance voting, to forcibly seize the governance rights of the idle COMP tokens in the Compound Treasury, so that it can fully control the Compound protocol.

The legendary whale Humpy who successfully took over Balancer takes action again

In fact, this is not the first masterpiece of this legendary whale. Before that, in the 2022 DeFi Summer era, the whale carried out a governance attack on Balancer: by controlling a large number of BAL governance tokens and relying on Balancer's veBAL mechanism, it controlled most of the BAL incentives released to liquidity pools, thus gaining control over Balancer. So far, Humpy has become the second largest holder of BAL tokens, after the official team.


Regarding this classic event, Messari has a very exciting research report. Interested friends can read it in detail. I don't know how many friends are familiar with Balancer's veBAL mechanism, so let me briefly review it here. It was the DeFi Summer, and each product's innovation centered on how to achieve growth by designing good tokenomics. Curve, then a core stablecoin DEX, took the lead in launching the veCRV mechanism as its tokenomics and achieved considerable results. veToken therefore became a popular design paradigm for DEX tokenomics at that time.

Balancer, one of the star projects of the same type, encountered an innovation bottleneck at that time, so it chose to follow and launched its own veBAL mechanism. The essence of this mechanism is to adjust the distribution of a competitive resource within the product through voting governance. This creates extensive bribery scenarios, brings benefits to those who participate in governance, stimulates the community's enthusiasm for taking part in building the product, and also gives governance tokens suitable value support. At that time, the market generally described this as "governance extraction value".

In the DEX track, this competitive resource specifically refers to the liquidity incentive rewards, paid in governance tokens, that the protocol officially allocates to the liquidity pools running on it. The proportion of rewards allocated to different liquidity pools is determined by voting. To obtain voting rights, you must lock your governance tokens for a long period, which also reduces the circulating supply and is conducive to the growth of market value. The more votes a liquidity pool gets, the more BAL incentives it is allocated. This guides third-party projects to use their own tokens to bribe users who hold veBAL voting rights, in order to stimulate liquidity growth for their tokens. Of course, this process is generally implemented through a specialized DApp. However, there is a hidden flaw in Balancer's veBAL design that Humpy discovered and exploited.

We know that for a DEX, the core business model is transaction fees. To attract more traders, a DEX tries every means to increase its liquidity and attract users with a low-slippage trading experience. The design of veBAL therefore cannot be divorced from this core goal, which is to increase handling fees. However, the original design placed no restriction on the type of liquidity pool and relied only on the total number of votes a pool obtained. This caused a problem: as long as a pool can obtain enough veBAL votes by some means, it can obtain a larger proportion of the BAL liquidity incentive allocation, even if the pool has no trading volume. This leaves room for the whale, and so comes Humpy.

Humpy's core attack idea is divided into two parts. The first is to gain absolute control over the liquidity of a certain pool, so as to obtain most of the rewards in the liquidity mining process. The second is to obtain a huge number of votes for the pool you control, so that it receives most of the BAL incentive distribution. This allows control over the protocol. Therefore, the first thing it did was to build pools from tokens of projects that are inactive but have inflated market values, to reduce potential competitors. The second was to set up the liquidity pool with ultra-high fees (1%) to reduce users' willingness to trade, which in turn reduces the willingness to participate of LPs who might otherwise be attracted by handling fees. In this way it achieved absolute control over a liquidity pool. Next, it purchased a large amount of BAL tokens on the secondary market, pledged them to obtain veBAL, and voted for its own liquidity pool, thereby obtaining most of the BAL allocation. But such incentive release does not make Balancer better, because it stimulates no additional handling fees; it only benefits Humpy. This is the so-called deviation between the interests of giant whales and the long-term development direction of the project, which can only bring about contradictions.

In practice, Balancer's official team did not sit still and counterattacked Humpy's vampire attack through new proposals. For example, one could specify the range of pools eligible to receive liquidity incentives, with any expansion of this range requiring official application and approval, or set an upper limit on the proportion of rewards that can be distributed to a single pool. In the end, after a series of confrontations, Balancer and Humpy reached a reconciliation. Judging from the results, however, this did not prevent Humpy from gradually achieving control of Balancer through this method. Its becoming the second largest holder, as an individual, is the most direct result. This also paved the way for its recent attack on Compound.
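The vote-only allocation rule and the two countermeasures described above, as an added Python model that is not Balancer's code: rewards are split by votes alone, then with a per-pool cap, then with a pool allowlist. Pool names, vote counts, fees and the 40% cap are constructed for illustration.

```python
# Added example: constructed pools and numbers, not Balancer data or code.
from dataclasses import dataclass

@dataclass
class Pool:
    name: str
    votes: float            # veBAL votes directed at this pool
    weekly_fees: float      # trading fees the pool generates
    approved: bool = True   # hypothetical allowlist flag set by governance

def allocate(pools, emissions, cap=None, allowlist=False):
    """Split emissions pro rata by votes, optionally with a per-pool cap
    (share of the total, 0..1) and an allowlist of eligible pools."""
    active = [p for p in pools if p.votes > 0 and (p.approved or not allowlist)]
    shares = {p.name: 0.0 for p in pools}
    remaining = 1.0
    while active:
        total = sum(p.votes for p in active)
        over = [p for p in active
                if cap is not None and remaining * p.votes / total > cap]
        if not over:                      # nobody exceeds the cap: final split
            for p in active:
                shares[p.name] = remaining * p.votes / total
            break
        for p in over:                    # pin to the cap, redistribute the rest
            shares[p.name] = cap
            remaining -= cap
            active.remove(p)
    return {n: round(s * emissions, 2) for n, s in shares.items()}

def idle_share(pools, alloc):
    """Fraction of paid emissions that went to pools generating no fees."""
    paid = sum(alloc.values())
    idle = sum(alloc[p.name] for p in pools if p.weekly_fees == 0)
    return round(idle / paid, 4) if paid else 0.0

POOLS = [
    Pool("whale-pool", votes=600, weekly_fees=0, approved=False),
    Pool("stable-pool", votes=200, weekly_fees=40_000),
    Pool("eth-pool", votes=120, weekly_fees=25_000),
    Pool("alt-pool", votes=80, weekly_fees=9_000),
]

if __name__ == "__main__":
    for label, kw in [("votes only", {}), ("40% cap", {"cap": 0.4}),
                      ("allowlist", {"allowlist": True})]:
        alloc = allocate(POOLS, 100_000, **kw)
        print(f"{label:11} {alloc} idle={idle_share(POOLS, alloc)}")
```

The cap only limits how much a vote-heavy, fee-less pool can take, while the allowlist removes it from the distribution entirely; any share left over when every eligible pool is capped is simply not paid out in this model.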

Seizing Compound by forcibly taking the governance rights of the large amount of idle COMP in the Compound Treasury

The above incident occurred in 2022. After two years of silence, Humpy set out to seize ownership of another veteran DeFi protocol. This is what happened recently. This time it has nothing to do with veBAL, but focuses on the governance rights attached to the large amount of idle COMP in the Compound Treasury.

This time it did not participate in the game directly, but operated through a packaged project called Golden Boys (it can of course also be called an organization). This project is actually a meme with financial attributes. What I mean is that its core product is an ERC-20 token called $GOLD. However, the team has given holders some expectations beyond cultural attributes. One point is emphasized throughout the official website and blog: the value of $GOLD is maintained by Humpy, a giant whale with years of experience and large capital and resource advantages. Holding $GOLD is equivalent to standing on the back of a giant whale. In fact, though, it has no structured financial management or product design such as income aggregation. It only allocates some liquidity incentives to $GOLD and some mainstream tokens. Some of these incentives are newly issued $GOLD, and part of them are BAL rewards. The latter naturally comes from Humpy's influence on Balancer, where its huge amount of veBAL allocates relatively high liquidity mining rewards to it (after studying this, it is a bit lamentable that it is not easy to win).


After preparing all this, Humpy created a new Vault product called goldCOMP Vault. Put simply, users can pledge their COMP into this Vault, transferring their governance rights to the Golden Boys, and obtain a pledge certificate called goldCOMP, which is a negotiable certificate. Users can provide this certificate as liquidity to the 99goldCOMP-1WETH liquidity pool on Balancer, where 99 and 1 are the corresponding weights. This basically means that goldCOMP's transaction slippage is extremely low and there is basically no impermanent loss.


After staking liquidity, you can get the liquidity incentive of $GOLD. Note that the reward here is GOLD, not BAL. This is naturally because choosing GOLD as the incentive makes it easier for the Golden Boys to control the pool's interest rate; it is all under their control anyway. The current interest rate level is 180%, and of course the TVL is not high. But what I'm not quite sure about is when Balancer began supporting third-party tokens being displayed directly on the official website as staking incentives, because I haven't followed the progress of the project for a while. If it were not an official operation that could be set publicly, I would have to lament the helplessness of being taken away from me again!


After preparing these, Golden Boys began its governance attack on Compound. It launched its first proposal in May this year. The proposal asked for 5% of the COMP controlled by the Compound Treasury, that is, 92,000 COMP, to be transferred to the Golden Boys' multi-signature wallet and pledged through that wallet to the goldCOMP Vault, earning liquidity mining income while locked for one year. Of course, in this process the Golden Boys obtain the governance rights attached to these tokens. Unsurprisingly, the proposal was not passed: the counterparty of this interaction is rather crude and has no actual business behind it, and everything that happens after the tokens are distributed is controlled by a multi-signature wallet, which makes the possibility of human wrongdoing even greater. It therefore met with widespread rejection in the community.


But Humpy was not discouraged and chose to confront community members. He argued that these problems could be alleviated as long as any use of the tokens by the multi-signature wallet had to be approved through the Compound timelock contract, so a second proposal was launched on July 20. The amount requested remained unchanged, but an additional step was added: a Trust Setup contract intended to achieve the above effect and thereby supervise the multi-signature wallet. However, the author actually read the contract's code, and it simply sets three states. Once the Compound timelock changes the contract's status to allow investment, the multi-signature wallet can use these tokens at will. This proposal was also rejected, but the number of votes in favor increased significantly. This seems to give people the illusion that the Golden Boys are really optimizing the proposal step by step and gaining more and more consent. Then, today, the passage of the third proposal left everyone dumbfounded.


Note that the proposal passed today differs in one core respect. The amount of COMP requested is no longer 92,000 but an exaggerated 499,000. The community was originally very confident that Humpy's "conspiracy" would be easily defeated this time, but the result was shocking. The proposal passed by a narrow margin, and the number of supporting votes increased sixfold in just ten days, which the community obviously did not expect. This was obviously a carefully planned operation by Humpy. If nothing else happens, with the passage of this proposal Humpy will in effect become the owner of Compound and lead any proposals. Considering that its current holdings are already enough to surpass its opponents, together with the newly obtained voting rights corresponding to 499,000 COMP, Compound will undoubtedly be taken away.
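A monitoring check for treasury grants of governance tokens, written in Python as an added example (not Compound's or the author's code), run over the three proposals described above. The COMP amounts and the ten-day gap come from the article; the vote counts, the 60-day gap, the recipient label and the quorum value are assumptions.

```python
# Added example. Vote counts are constructed; COMP amounts and the 10-day
# gap come from the article. QUORUM is an assumed, configurable parameter.
from dataclasses import dataclass

@dataclass
class Proposal:
    recipient: str            # label for the receiving entity, not an address
    comp_requested: int       # governance tokens leaving the treasury
    votes_for: int
    votes_against: int
    days_since_prev: int = 0  # gap to the same recipient's previous proposal

TREASURY_COMP = 1_840_000   # implied by the article: 92,000 COMP is 5%
QUORUM = 400_000            # assumption: set to the governor's real quorum

def assess(p, prev=None, surge=3.0, window=14):
    """Return (flags, metrics) for a treasury grant of governance tokens."""
    m = {
        "treasury_share": round(p.comp_requested / TREASURY_COMP, 3),
        "margin_now": p.votes_for - p.votes_against,
        # If the grant's votes end up with the backers, their lead grows by it.
        "margin_after_grant": p.votes_for + p.comp_requested - p.votes_against,
    }
    flags = []
    if p.comp_requested >= QUORUM:
        flags.append("GRANT_MEETS_QUORUM")
    if 0 < m["margin_now"] < p.comp_requested:
        flags.append("NARROW_PASS_ENTRENCHES_BACKERS")
    if prev is not None and prev.recipient == p.recipient:
        if p.comp_requested > prev.comp_requested:
            flags.append("ASK_ESCALATED")
        growth = p.votes_for / max(prev.votes_for, 1)
        m["for_vote_growth"] = round(growth, 2)
        if growth >= surge and p.days_since_prev <= window:
            flags.append("FOR_VOTE_SURGE")
    return flags, m

HISTORY = [  # the three proposals as described; vote counts are constructed
    Proposal("golden-boys", 92_000, 40_000, 700_000),
    Proposal("golden-boys", 92_000, 110_000, 600_000, days_since_prev=60),
    Proposal("golden-boys", 499_000, 660_000, 640_000, days_since_prev=10),
]

if __name__ == "__main__":
    for prev, p in zip([None] + HISTORY, HISTORY):
        print(p.comp_requested, *assess(p, prev))
```

Only the third proposal raises flags here, and it raises all four at once: the grant alone meets the assumed quorum, a narrow win would widen the backers' lead by the full grant, the ask grew, and support jumped inside the surge window.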


The impact of this incident is unprecedented. Any DeFi product needs to re-monitor its governance model to prevent similar problems. I will continue to pay attention to the next developments. I believe that the Compound community will also rise up to fight. How the conflict will develop in the end is hard to say given the lessons learned from Balancer.


source:panewslab.com