Difference between revisions of "Compound (COMP)"

From CryptoWiki

Line 117: Line 117:
=== DAO ===
=== DAO ===


*[http://email.mg2.substack.com/c/eJxVkU2ToyAQQH9NvJkCURMPHJx8zJgdkxyczOxeUgiYMCI4gnH11w-b7B62aIquB91dxaPE8ovuRtxqY73e8O4sGIYoWSQAeAyHDC6jpSfMueo4b4iQ2HY999q-lIISK7S6F8QARt4VQ0go52EMKopKRJfBsiIERFUSJOUiJq7OjTmTngmuKMdayfHe2JP4am1rZiidBVsXJVG15MbMTV8aS2g9p7pxvHX7pq1QF7_SnU-JufqV1IPxG9LV3PqNVoyMfgnRDG2trrmaoTUfd5AGp_EjkHX2qX_nU40ORTq8rnZDifbgLwf5lIH9tDFZI69slcV58RYe1j9Bvn4b83EQ5GM_uXeCvpzEa7EJ8vUGZmIQFJ3EnT8nE1vB8df79pM9y1spdsk8NumPr5ZWLweYtswWNSmOsY43x-Mt3YbXp3S1oweZRZGfewIHIAAgcgu6BM3h3JRTFcIF_KraWQiaS_Dfl3gdnph0F22nrVZ_BN2x83N2Z9MrYcczV6SUnD3U2Yfruwk7thwrPhjJreXdAzqfIQrCBfTcJKZdT4X_-fgGfB6_Qg From] [[Bankless]] (5-5-2020):
*[https://medium.com/@SenateLabs/landscape-of-pro-delegate-next-wave-of-dao-governance-f239cd8537ea Has][[Gauntlet Networks|Gauntlet]] and [[Reverie]] as some of their professional delegates (30-11-2022).
 
*[https://ournetwork.substack.com/p/our-network-issue-40 From] Our Network #40 (25-9-2020):
''"COMP holders for example are [http://email.mg2.substack.com/c/eJwlUEmOwyAQfI05Ws3i7cBhpFG-YYHBCQoGD4si5_XTtgWI6kZUddWiin3GdMg95kJqtml2RlI-DRMAMVIYOnYjcXlek7Wbcl6WVC3Zq_ZuUcXFcH3ogXbkJfkAay8GpibFKIhVg50m3TEwZgDBF3LKzKoaZ8NiZQz-uIiJl69S9tzwn4Y9cJePK8WmdokbVsktuqYSA-JcVKkZAWVdNw0A_djjETBy3vAHUvwyIE4yYAAdLoqAt7TN-rsKOtC_dW8EbE_W5qqRbXmfKiTJr_H4sKeIQqfTq41GZ7y3Glw5ZhuU9tbcGZQ7tMtSOXYrg_1kb8-57yYGIzgTAyWoZCJyBqlVeHub8z8tMX0l incentivized to support] proposals that add a fee structure to Compound that’s allocated partially to themselves as profit and partially to further growth of the protocol. They can’t add too [[MANY|many]] [[fees]] or they’ll lose users, so they’ll add just enough to fund Compound growth while extracting some profit. Fees will rest at a price [[equilibrium]] driven by market forces."''


"''A significant majority of COMP holders hold less than 100,000 COMP, which is the amount of delegated COMP-votes needed to formally propose a protocol upgrade; however, 225 addresses hold at least 100 COMP. With the launch of [https://medium.com/compound-finance/compound-autonomous-proposals-354e7a2ad6b7 Compound Autonomous Proposals (CAPs)], any user with 100+ COMP may create a proposal template, seek the delegation of 100,000 total COMP-votes, and make the CAP eligible to transition to a formal proposal."''
*[https://ournetwork.substack.com/p/our-network-issue-26 From] [[Our Network]] #26 (19-6-2020):
*[https://ournetwork.substack.com/p/our-network-issue-26 From] [[Our Network]] #26 (19-6-2020):


''"COMP token holders do not need to directly participate in the voting process for protocol modifications - a core feature of COMP is the delegation of voting rights. So far there have been 437 total delegations, 383 of which are brand new delegations from a new COMP-holding [[address]], and 54 of which are re-delegations, that is they are re-assignments of delegations from one address to a different one. [https://explore.duneanalytics.com/queries/4796/source#9421 This table] shows the top 10 delegates by the number of unique delegators."''
''"COMP token holders do not need to directly participate in the voting process for protocol modifications - a core feature of COMP is the delegation of voting rights. So far there have been 437 total delegations, 383 of which are brand new delegations from a new COMP-holding [[address]], and 54 of which are re-delegations, that is they are re-assignments of delegations from one address to a different one. [https://explore.duneanalytics.com/queries/4796/source#9421 This table] shows the top 10 delegates by the number of unique delegators."''


*[https://ournetwork.substack.com/p/our-network-issue-40 From] Our Network #40 (25-9-2020):
*[http://email.mg2.substack.com/c/eJxVkU2ToyAQQH9NvJkCURMPHJx8zJgdkxyczOxeUgiYMCI4gnH11w-b7B62aIquB91dxaPE8ovuRtxqY73e8O4sGIYoWSQAeAyHDC6jpSfMueo4b4iQ2HY999q-lIISK7S6F8QARt4VQ0go52EMKopKRJfBsiIERFUSJOUiJq7OjTmTngmuKMdayfHe2JP4am1rZiidBVsXJVG15MbMTV8aS2g9p7pxvHX7pq1QF7_SnU-JufqV1IPxG9LV3PqNVoyMfgnRDG2trrmaoTUfd5AGp_EjkHX2qX_nU40ORTq8rnZDifbgLwf5lIH9tDFZI69slcV58RYe1j9Bvn4b83EQ5GM_uXeCvpzEa7EJ8vUGZmIQFJ3EnT8nE1vB8df79pM9y1spdsk8NumPr5ZWLweYtswWNSmOsY43x-Mt3YbXp3S1oweZRZGfewIHIAAgcgu6BM3h3JRTFcIF_KraWQiaS_Dfl3gdnph0F22nrVZ_BN2x83N2Z9MrYcczV6SUnD3U2Yfruwk7thwrPhjJreXdAzqfIQrCBfTcJKZdT4X_-fgGfB6_Qg From] [[Bankless]] (5-5-2020):


"''A significant majority of COMP holders hold less than 100,000 COMP, which is the amount of delegated COMP-votes needed to formally propose a protocol upgrade; however, 225 addresses hold at least 100 COMP. With the launch of [https://medium.com/compound-finance/compound-autonomous-proposals-354e7a2ad6b7 Compound Autonomous Proposals (CAPs)], any user with 100+ COMP may create a proposal template, seek the delegation of 100,000 total COMP-votes, and make the CAP eligible to transition to a formal proposal."''
''"COMP holders for example are [http://email.mg2.substack.com/c/eJwlUEmOwyAQfI05Ws3i7cBhpFG-YYHBCQoGD4si5_XTtgWI6kZUddWiin3GdMg95kJqtml2RlI-DRMAMVIYOnYjcXlek7Wbcl6WVC3Zq_ZuUcXFcH3ogXbkJfkAay8GpibFKIhVg50m3TEwZgDBF3LKzKoaZ8NiZQz-uIiJl69S9tzwn4Y9cJePK8WmdokbVsktuqYSA-JcVKkZAWVdNw0A_djjETBy3vAHUvwyIE4yYAAdLoqAt7TN-rsKOtC_dW8EbE_W5qqRbXmfKiTJr_H4sKeIQqfTq41GZ7y3Glw5ZhuU9tbcGZQ7tMtSOXYrg_1kb8-57yYGIzgTAyWoZCJyBqlVeHub8z8tMX0l incentivized to support] proposals that add a fee structure to Compound that’s allocated partially to themselves as profit and partially to further growth of the protocol. They can’t add too [[MANY|many]] [[fees]] or they’ll lose users, so they’ll add just enough to fund Compound growth while extracting some profit. Fees will rest at a price [[equilibrium]] driven by market forces."''
=== How decentralized is Compound? ===
=== How decentralized is Compound? ===


Line 135: Line 135:


* Was classified ''Degree 3 DeFi'' on [https://hackernoon.com/how-decentralized-is-defi-a-framework-for-classifying-lending-protocols-90981f2c007f the HackerNoon rankings] of 25-4-2019. ''"These DeFi products are non-[[custodial]], have [[permissionless]] initiation of margin calls, and permissionless provision of margin call liquidity, while centrally administering price feeds, centrally controlling interest rates, and centrally controlling platform developments and updates."''
* Was classified ''Degree 3 DeFi'' on [https://hackernoon.com/how-decentralized-is-defi-a-framework-for-classifying-lending-protocols-90981f2c007f the HackerNoon rankings] of 25-4-2019. ''"These DeFi products are non-[[custodial]], have [[permissionless]] initiation of margin calls, and permissionless provision of margin call liquidity, while centrally administering price feeds, centrally controlling interest rates, and centrally controlling platform developments and updates."''
 
*A BIG side note, is that the blog was written by [[Kyle J Kistner]] who is Chief Vision Officer at [[bZx]]. He gave his own project the highest ranking. What a surprise.
* A BIG side note, is that the blog was written by [[Kyle J Kistner]] who is Chief Vision Officer at [[bZx]]. He gave his own project the highest ranking. What a surprise.
*From the comprehensive [https://hackernoon.com/how-decentralized-is-defi-a-framework-for-classifying-lending-protocols-90981f2c007f blog post]:
 
* From the comprehensive [https://hackernoon.com/how-decentralized-is-defi-a-framework-for-classifying-lending-protocols-90981f2c007f blog post]:


''"<strong>Custody</strong>: Compound [[smart contracts]] are [[open source]] and [[non-custodial]] from the point of loan origination.''
''"<strong>Custody</strong>: Compound [[smart contracts]] are [[open source]] and [[non-custodial]] from the point of loan origination.''
Line 476: Line 474:
* [[Calvin Liu]]; Biz dev & business strategy
* [[Calvin Liu]]; Biz dev & business strategy
*[[Jake Chervinksy]]; General Counsel (expertise on crypto law and policy)
*[[Jake Chervinksy]]; General Counsel (expertise on crypto law and policy)
*[https://medium.com/@SenateLabs/landscape-of-pro-delegate-next-wave-of-dao-governance-f239cd8537ea Has][[Gauntlet Networks|Gauntlet]] and [[Reverie]] as some of their professional delegates (30-11-2022).


=== Funding ===
=== Funding ===

Revision as of 04:37, 12 December 2022

Basics

  • Based in: Compound Labs is a San Francisco based company
  • Started in: 2018
  • Mainnet release including token: 17-4-2020
  • Aka Compound Finance
  • DeFi Money markets protocol
  • "Compound is an open-source, autonomous protocol built for developers, to unlock a universe of new financial applications. Interest and borrowing, for the open financial system."
  • “Compound is a protocol on the Ethereum blockchain that establishes money markets, which are pools of assets with algorithmically derived interest rates, based on the supply and demand for the asset. Suppliers (and borrowers) of an asset interact directly with the protocol, earning (and paying) a floating interest rate, without having to negotiate terms such as maturity, interest rate, or collateral with a peer or counterparty.”

History

Audits & Exploits

  • Bug bounty program can be found here. Max payout is $150,000 (29-6-2020). Apparently went down to $50k (8-4-2022).
  • Used Certora's Prover tool with formal verification technology to complement/assist their manual audits (2-10-2022).
  • Maintained its 93% score after renewed scoring (8-4-2022). With the comment:

"Compound has enlisted @CertoraInc to do a formal verification of its software, and @gauntletnetwork to evaluate its market risks. This combination not only ensures that the software works as intended and is "correct", but also accounts for any economic hazards. This rigorous security is complemented by Compound's governance which does not allow any software privileges to the developers. Every upgrade, decision, and implementation is performed by the community. Compound is therefore safe from both external and internal malevolence.

We would also like to underline Compound's excellent documentation. It barely omits anything, and is always a pleasure to revisit. However, we do think that the extent of its software upgrades could be better documented. There are currently only vague details pertaining this. Another point of improvement would be Compound's (currently failing) code coverage. Although their testing suite is robust and sound, increasing the code coverage is nonetheless a valid future implementation to perform.

When it comes to bug bounties, Compound could be more generous. Their @immunefi program rewards whitehats with up to $50k, but we think a project of this magnitude should provide better economic incentives to these exploit seekers. Better rewards = more eyes on your code.

Lastly, we would love to provide Compound with a pause control fire drill which would be the ultimate addition to the money market maker's excellent defenses. Overall, we are sure that Compound's process quality will only keep improving alongside our teams' collaborations."

  • Compound DAO hired a security auditor via a public bidding process (12-2021).
  • Scored a 93% after a second update by DeFi Safety (16-8-2021):

"Stellar Team transparency, security, testing, documentation, and access controls. Excellent Transparency.

The reason for the lower score was in a slight lower testing score and the added section of Access Controls where they scored 89%.

  • Previously scored a 88% on DeFi Safety (9-2020) which got updated to a 97%; "Compound has had consistent audits through their development as documented on their site. They have audits from two top level audit organizations. The audits are public and they have implemented findings in order to improve their code." With the comment: "Compound is updated to our latest process; 0.6 and their score jumps to 97% because, they are great. They just do everything we want."

"Compound has passed through four security audits by OpenZeppelin and Trail of Bits. Each audit has found issues of at least medium severity, but with diminishing frequency and severity."

Bugs/Exploits

"An upgrade to the protocol’s oracle contract was implemented yesterday, resulting in unintended consequences. Despite three audits, the new code contained a bug causing transactions to revert for ETH borrowers and suppliers. The thread goes on to state that “Funds are not immediately at risk, but this is a developing situation.”

The contract in question was audited by three firms, Dedaub, ABDK and OpenZeppelin, with the most recent of the reports dated 1st April 2022. However, the latest commit to UniswapAnchoredView was made 26 days later."

  • From Blockthreat (31-3-2022):

"TrueUSD and Compound Finance silently patched their contracts after ChainSecurity discovered a vulnerability in handling contracts with multiple entry points which could be used to manipulate Compound markets."

"Today, someone exploited a bug in Compound’s Controller contract, which is the part of the protocol that distributes yield farming rewards to users. By calling Compound’s drip() function, they transferred $68 million, or 202,472 COMP, from Compound’s reservoir to its Comptroller.

Since Banteg, a core developer at Yearn.Finance, tweeted about the exploit earlier this afternoon, four major transactions have drained the Comptroller pool of 64,997 COMP, or $21.4 million. One of those transactions withdrew 37,504 COMP, or $12.3 million. Banteg said that only “addresses with the buggy state can drain" and that there are another five addresses that could claim $45m, "emptying the Comptroller." "The drip issue has been known to Compound and the security researchers for a few days now," Banteg told Decrypt, "but since there was no mitigation, it was decided to keep it under wraps hoping nobody would notice until a patch is out.""

"A community led (but professionally checked) proposal contained a bug which allowed for the distribution of ~$80M in excess COMP rewards. The only victims were COMP token holders, who temporarily suffered faster dilution than they expected. The Compound team did their part to downplay the situation, while Robert Leshner was quick to distance himself from the incident. However, Compound Labs cannot escape their involvement, as they were clearly credited with reviewing the faulty code before it was deployed."

"Whether this was a manipulation or a technical issue isn’t yet clear, but we do know that no flash loans were used. To manipulate the Coinbase order book to such a state would have cost 100k DAI, as the order book had 300k of depth, and the off peg price reached $1.3.

Was this malicious, careless, or expired tech? Either way, those liquidation bots profited from this incident. Using any singular centralised data source as a price oracle is unwise, and Coinbase is particularly bad, especially if you can wipe the order book with 100k."

Governance

Admin Keys

"Current Admin Key Config- Time Lock: 2 days

Current Admin Key Config- Multisig: no

Claimed Admin Key OpSec: "offline multi-party process"

Verified Admin Key OpSec: Unverifiable

Is security of deposited funds dependent on opsec of admin key?: Yes

Admin Key Address: Link

Documentation on Admin Key Powers: Open Zeppelin Audit Summary

Additional Info (if any)? Blog Post"

  • From their announcement (16-4-2020):

"Community governance has replaced the administrator of the Compound protocol. From this point forward, all changes (from supported assets, to system parameters) will originate from COMP token-holders."

"Compound governance is currently centralized with hopes to transition to a community and stakeholder controlled protocol in the future. Current governance cases include:

  • Listing new cToken markets
  • Updating market interest rates
  • Updating oracle addresses
  • Withdrawing cToken reserves
  • Choosing new admins

According to a recent (25-4-2019) article from HackerNoon, Compound currently falls in the middle of the centralized/decentralized spectrum thanks in large part to it’s open sourced smart contracts and permissionless magrin monitoring.

As mentioned above, the future implementation of a cToken DAO should allow for markets and interest rates to be governed by community voting rather than the current structure where all rules are set by Compound themselves."

"a) Contracts are clearly labelled as upgradeable through Compound's voting/implementation structure.

b) Compound outlines Defined Roles within their voting and delegation structure that are found in the Governance section of their documentation.

c) Capabilities for change in the Compound contracts can be found.

Compound Finance's Pause Guardian function is documented here, and the latest test documented was from February 2020 here."

DAO

  • HasGauntlet and Reverie as some of their professional delegates (30-11-2022).
  • From Our Network #40 (25-9-2020):

"A significant majority of COMP holders hold less than 100,000 COMP, which is the amount of delegated COMP-votes needed to formally propose a protocol upgrade; however, 225 addresses hold at least 100 COMP. With the launch of Compound Autonomous Proposals (CAPs), any user with 100+ COMP may create a proposal template, seek the delegation of 100,000 total COMP-votes, and make the CAP eligible to transition to a formal proposal."

"COMP token holders do not need to directly participate in the voting process for protocol modifications - a core feature of COMP is the delegation of voting rights. So far there have been 437 total delegations, 383 of which are brand new delegations from a new COMP-holding address, and 54 of which are re-delegations, that is they are re-assignments of delegations from one address to a different one. This table shows the top 10 delegates by the number of unique delegators."

"COMP holders for example are incentivized to support proposals that add a fee structure to Compound that’s allocated partially to themselves as profit and partially to further growth of the protocol. They can’t add too many fees or they’ll lose users, so they’ll add just enough to fund Compound growth while extracting some profit. Fees will rest at a price equilibrium driven by market forces."

How decentralized is Compound?

"Compound’s high scores can be attributed to strong performance in both the smart contract and financial risk categories. Compound has the highest liquidity index score of the group and has maintained high collateral ratios. In addition to releasing public code audit and running a bug bounty program, Compound is the only platform that has released a formal verification report."

  • Was classified Degree 3 DeFi on the HackerNoon rankings of 25-4-2019. "These DeFi products are non-custodial, have permissionless initiation of margin calls, and permissionless provision of margin call liquidity, while centrally administering price feeds, centrally controlling interest rates, and centrally controlling platform developments and updates."
  • A BIG side note, is that the blog was written by Kyle J Kistner who is Chief Vision Officer at bZx. He gave his own project the highest ranking. What a surprise.
  • From the comprehensive blog post:

"Custody: Compound smart contracts are open source and non-custodial from the point of loan origination.

Initiating Margin Calls: Margin monitoring and margin call initiation is permissionless, incentivized, and decentralized.

Margin Call Liquidity: Provision of liquidity is permissionless, decentralized, and incentivized. A 5% discount on any collateral liquidated provides the incentive to monitor, initiate, and provide liquidity for margin calls.

Price Feeds: Compound price feeds are centralized and imputed directly by a whitelisted address controlled by Compound. Manipulation of the price feed by Compound itself is mitigated by the existence of a sensitivity parameter that prevents updates from being moved outside a range of 10% per hour.

Interest Rates: Currently interest rates are centrally determined. In Compound v2 the same model will initially be deployed, though later there will be a cToken DAO that allows for lenders to vote on the interest rate parameters of their respective money market reserves. The cToken DAO approach is less decentralized than an orderbook approach because an orderbook gives the entire market input into the interest rate. However, the cToken DAO approach is far more decentralized than a single central party determining the interest rate model parameters.

Development: Compound contracts are centrally developed and open source. The v1 contracts are not mutable except for the interest rate logic contracts while the v2 contracts are mutable. The v2 protocol is made up of a series of cToken contracts. In the beginning, Compound will have central control over the cToken contracts, but control will be ceded to a cToken DAO that can change the contracts with a time delay of 48 hours."

"The Compound team currently administers all aspects of the protocol to decide which assets can be loaned, the interest rate model for each asset, and how the system obtains price feeds. They also control various economic parameters including collateral requirements and the size of the incentive used to encourage third parties to liquidate under-collateralized loans.

These decisions can significantly affect the usefulness and safety of the system, so users must trust the Compound team to choose them wisely.

Additionally, the contracts include code hooks in most operations that ensure system-wide consistency across several markets, and can also be replaced to handle unexpected circumstances.

However, in the hands of a malicious or compromised administrator, these privileges contain the ability to trivially freeze markets, censor transactions or steal all assets from the system. Similarly, control of the price feed can be used to steal most, if not all, assets from the system. Currently, the same externally owned account is the administrator for all live markets.

To address these concerns, the Compound team intends to replace the existing administrator role and the price feeds with more decentralized governance mechanisms. However, the resulting mechanisms will still have these powers and should be designed carefully to either restrict how they can be exercised or to ensure they can withstand the large incentive to unfairly bias the system."

"Has a timelock of 2 days. "Offline multi-party process". The security of user funds dependent on the opsec of admin key."

Is it trustworthy?

"Our gripe with decentralized solutions is simple. You have to put your trust in the code, or better said in the people who wrote and audited it. Ameen Soleimani’s research has shown that although Compound is decentralized and open source, the private (admin) key is centralized and creates a single point of failure for the entire platform. If it ever gets compromised, all the lending pools can be drained of funds or even burned. Similarly, the same administrator account provides price feeds (oracle) for all live markets.

All decentralized solutions will most likely have the same powers and have to be designed in mind with this.

Even though the founders claim there are various security precautions made to prevent this from happening, no security model is perfect. And since Compound is a decentralized project, can they really be held liable for potential losses?

Compound has passed through four security audits by OpenZeppelin and Trail of Bits. Each audit has found issues of at least medium severity, but with diminishing frequency and severity.

Summary:

+ Established as the biggest decentralized player

+ Relatively good liquidity

+ Repeated audits show a trend of less frequent and severe vulnerabilities

+Clear jurisdiction

- Admin private key is a central point of failure

- Oracle (price feed) vulnerability is hard to solve"

Treasury

Token

Launch

Token allocation

"A collection of Compound’s most important stakeholders share the ability to upgrade the protocol:

  1. 2,396,307 COMP have been distributed to shareholders of Compound Labs, Inc., which created the protocol
  2. 2,226,037 COMP are allocated to our founders & team, and subject to 4-year vesting
  3. 372,707 COMP are allocated to future team members
  4. 5,004,949 COMP are reserved for users of the protocol — we’ll be releasing more details of this plan in the coming weeks
  5. 0 COMP will be sold or retained by Compound Labs, Inc."
  • From their blog (27-5-2020):
    1. "4,229,949 COMP will be placed into a Reservoir contract, which transfers 0.50 COMP per Ethereum block (~2,880 per day) into the protocol for distribution
    2. The distribution is allocated to each market (ETH, USDC, DAI…), proportional to the interest being accrued in the market; as market conditions evolve, the allocation between assets does too
    3. Within each market, 50% of the distribution is earned by suppliers, and 50% by borrowers; in real-time, users earn COMP proportionate to their balance; this is separate from the natural interest rates in the market
    4. Once an address has earned 0.001 COMP, any Compound transaction (e.g. supplying an asset) will automatically transfer COMP to their wallet; for smaller balances, an address can manually collect all earned COMP

"Once activated, the distribution will last for approximately four years—continually bringing more users, and more applications into the governance process."

"Every day, 2,880 COMP are distributed to users. That’s not changing. But under the new rules, which go into effect Thursday, users will simply earn COMP on the dollar value of assets they have put in or borrowed from the system."

"Compound has passed a proposal to cut COMP liquidity incentives by 20%. The reduction in COMP rewards is designed to free up more capital for other needs, such as future development and audits, incentives for voting, and more. Great report on the proposal along with future changes such as a vesting period on rewards can be found on the governance thread here."

Utility

"All interest and transaction fees will be paid in CASH, Gateway’s unit of account. Validators of the Gateway blockchain will also earn a portion of the CASH-based interest paid by borrowers."

Token Details 

"COMP empowers community governance — it isn’t a fundraising device or investment opportunity. Until the decentralization process is complete, COMP will not be available to the public.

Possessing COMP and participating in Compound governance are not the same; COMP token-holders can delegate voting authority to any address; their own, a hot wallet (while COMP sits in cold storage), a DAO, or your address.

After the governance system has been publicly tested, and is operating in a reliable, distributed manner, we’ll remove the last governance failsafe — our ability to disable community voting in an emergency — and begin distributing the remaining COMP to Compound protocol users."

Coin Distribution

"According to a graphic shared by Conti, Compound is the ‘most concentrated’ of the Top 10 surveyed projects (by total locked value) with 96% of the total supply being held by a few dozen people in the top 50 holders."

Compound on Ethereum Tech

"With 76 commits and 32 commits, Compound has a GitHub repository that is heavily interfaced with."

  • Built on: Ethereum and will have its own Compound Chain which is discussed below (18-12-2020).

How it works

"Compound leverages web 3.0 wallets such as Metamask, Brave Browser or Coinbase Wallet for access into their ecosystem. Once connected, users are brought to the Account Overview section. From here, users can select any asset(s) and unlock the market they wish to interact with. After an asset has been enabled, users are then able to supply or borrow said asset, but never both."

"Simply put, cTokens represent your balance in a specific Compound market. Each market has its own cToken (cETH, cUSDC…), which you’ll receive when you supply that asset to the protocol. As such, you’ll earn interest on all cTokens held in your wallet based on the respective lending rate."

Upgrades

  • Compound announced revamped v3 of their lending protocol, along with intention to pursue cross chain deployments (29-6-2022). The proposed code is up on its forum (18-8-2022). Went live (26-8-2022).

Staking

Liquidity Mining

  • Compound was the first big project that kickstarted the 2020 Summer Yield Farming craze in June of that year.

Scaling

Interoperability 

Other Details

"The average collateral ratio for borrowers has dropped dramatically since the launch of the COMP token distribution on June 15th. In the months leading up to the distribution, average collateralization of borrowing on Compound tended to be between 400-600%; after the sharp market drawdown on March 12, average collateralization actually climbed above 800% as borrowers sought to avoid liquidation risk. Since the COMP distribution began, the average collateralization ratio has dropped down to ~180%. This dramatic shift reflects how changes in incentives can significantly alter the overall behavior of a protocol’s users. (Source: LoanScan)"

Infura Usage

  • Is using Infura, according to their website (13-4-2020). And is batching requests to optimize their Infura usage which is being explained more here (27-3-2020):

"How was Compound handling infrastructure before you started using Infura?

Hayes: “We used to run a node in Kubernetes. We tried running both Geth and Parity, but both applications hogged memory, bandwidth and disk IO from our other containers in the cluster. With this set up, performing a basic task, like pulling event logs from the blockchain, required a significant chunk of our DevOps' time. Additionally, we needed to upgrade to maintain compatibility with hardforks. Infura seemed at the time to have unlimited capacity for querying the blockchain. It was a no-brainer to make the switch."

How does Compound use Infura to interact with the Ethereum blockchain?

Hayes: “First, our Compound interface uses Infura to pull all of the details of the Compound protocol and the user's account. We decided to build our interface on Web3 directly instead of our APIs to make sure that users always see what's on the blockchain. Second, to power our API, we query all event logs from the blockchain. We push those events into a stream processor and read from that stream to populate the data in our API.”

How has Infura helped you simplify operations?

Hayes: “Simply we don't need to run Ethereum nodes, which is a huge time-saver. Additionally, as our Compound interface reads directly from Infura, even if Compound servers have an issue, users can still access Compound through our interface.”

Have you found any ways to optimize your Infura usage that you’d be willing to share with the dev community?

Hayes: “The biggest optimization, that we are in the process of integrating, is to unify all of our requests on chain into one large request via a view contract. That is, instead of pulling the user's balance in each supported asset, we can create and deploy a contract that, given a user address, loops and returns all the balances for a user in a single Web3 call. Given the amount of data points required to populate a page, this can save a huge amount of round-trips to Infura.””

 Gateway (Compound Chain) Technology (got paused)

How it would work

"It’s basically a new Proof of Authority (PoA) blockchain called ‘Compound Chain’ that has a new stablecoin called ‘CASH’ that is used as the networks native currency. Additionally, Compound/COMP governance on Ethereum will be used to govern Compound Chain and its validator set.

Compound claims that there are 3 main challenges that this new chain solves:

  1. High transaction fees on Ethereum
  2. Aggregated risk of supported assets; one bad asset can spoil the bunch which limits the universe of acceptable collateral
  3. The Compound protocol has no way of supporting assets that aren’t tokenized on Ethereum"

"Based on the whitepaper, it seems that the Compound Chain effectively functions as a cross-chain MakerDAO.

Users are able to import their cryptoassets from other peer chains onto the Compound Chain by locking their assets on the peer chain and minting them on the Compound Chain. Once the assets are on the Compound Chain, they can be used as collateral to borrow CASH (stablecoin), similar to how users currently borrow DAI on MakerDAO. The main difference between the economics of CASH and DAI is that the former accrues Yield (DSR rate) by default. 

Comparison of CASH & DAI economics

  1. Cost = Interest inflows (based on Stability Fees)
  2. Yield = Interest outflows (based on the DAI Savings Rate)
  3. Spread = MKR revenue (difference between interest in & outflows)"

"The goal is for users of Gateway to be able to, for example, deposit Polkadot’s native DOT token and borrow Ether against that collateral, freely using that ETH in the Ethereum ecosystem. This contrasts with Compound’s original implementation where users could only deposit and borrow Ethereum-based assets.

The Compound team is planning to build so-called Starports, which would function as various blockchains’ on and off-ramps to Gateway. In order to borrow or deposit an asset as collateral to Gateway, a user will need a blockchain-specific Starport."

Basically PoA bridges with other chains.

Interoperability

Other Details 

Oracle Method

"Compound mitigates front running through transaction fees, and a combination of Chainlink oracles and Uniswap's TWAP which would effectively require the front running of multiple price feeds. Although it is not explicitly stated in Compound's documentation, the protocol's architecture naturally makes front running difficult and expensive, which can disincentivize front runners with nefarious intentions. Compound mitigates the possibilities of flash loan / liquidity manipulations via a combination of Chainlink oracles and Uniswap v2 TWAP sanity checks, therefore ensuring "truthful" price data."

"Oracle Method

The price of BAT, REP, ZRX, and WBTC are a median of prices from Coinbase Pro, Bittrex, Poloniex, and Binance, denominated in Ether, and posted on-chain after a 1% deviation in an asset’s median price. For security, price changes are limited (at the protocol level) to 10% per hour, unless a manual approval is provided by a second, offline address. DAI, SAI, and USDC are based on Maker’s ETH/USD price feed.

Compound is developing an advanced price feed, the Open Oracle System, to create a transparent, decentralized, resilient, and tamper-proof price feed.

Contract Addresses

  • PriceOracle: 0x1d8aedc9e924730dd3f9641cdb4d1b92b848b4bd

Source

"The decentralized lending platform Compound uses a custom application-specific price oracle.

Compound’s oracle relies on a single, centralized poster (price gathering script) to pull the price of a basket of assets relative to Ether from many different exchange sources. This trusted party then posts price updates to the blockchain each time it detects a 1% deviation in price. The newly reported price must be within a 10% bound of an anchor price that is updated every hour. Large price movements (>10%) must be set manually using a corresponding, specific hardware key. This key is currently controlled by the Compound team.

Compound has also developed a second oracle design they call the Compound Open Oracle System. Using the Open Oracle system, anyone wishing to report a price can do so. This report is then propagated via a p2p network to all other nodes in the system. Anyone with gas and a connection to the Ethereum network can then post the signed price data on-chain. A single on-chain contract, known as the Data Contract, is responsible for holding and validating all price data. This contract sorts the reported information by price reporter. Any on-chain application can request to view price data by selecting a subset of the reported price feeds. While Compound expects to productionize this oracle in the near future (still completing audits), it has yet to be launched on the Ethereum mainnet."

Open Oracle System

Basics

Token

Tech

"The Open Oracle System splits the trust and logic required for an Ethereum price feed into four parts:

1: Off-chain Price Data

In the Open Oracle, any number of sources, known as Reporters, sign a message (price data) with a private key. Reporters can be exchanges, DeFi projects, applications, OTC trading desks, hobbyists, etc. — basically, anybody with access to price data. Reporters make this signed data available to the public.

The Open Oracle repo contains a JavaScript SDK to host this data through a web endpoint.

2: Posting Price Data to Ethereum

A crypto exchange may have an extremely accurate and reputable price for a trading pair, but lack the technical capacity (or incentive) to post the data on chain reliably. This responsibility is shared among many Posters.

Under the Open Oracle System, anyone with gas and a web3 connection has the ability to post the signed data on-chain.

3: On-chain Storage

The Reporter’s timestamped price data is decoded from the signed data, and stored under their public key in the Data Contract on Ethereum. The Data Contract holds the most recent price information from each Reporter.

In fact, anyone can sign price data and store it under their public key in the Data Contract.

4: Price Views

Finally, the on-chain application (or user) requesting price data selects a subset of reported price feeds. For example, a DeFi application might average price data from three reporters e.g. Coinbase, Wyre, and an OTC desk and combine it with two on-chain prices, e.g. Uniswap and Chainlink (examples only).

This is accomplished through a View Contract, which reads, parses, aggregates, transforms, etc from the storage contract. The determination of trustworthiness or quality of the data signed by reporters is a decision ultimately made in the View. Views may use a median price, an average, or whatever methodology they favor.

If an application wishes to change methodology, or if a Reporter is no longer trusted, deploying a new View Contract is a trivial update, since storage and logic are completely decoupled."

Governance

Upgrades

Audits

Bugs

"Whether this was a manipulation or a technical issue isn’t yet clear, but we do know that no flash loans were used. To manipulate the Coinbase order book to such a state would have cost 100k DAI, as the order book had 300k of depth, and the off peg price reached $1.3.

Was this malicious, careless, or expired tech? Either way, those liquidation bots profited from this incident. Using any singular centralised data source as a price oracle is unwise, and Coinbase is particularly bad, especially if you can wipe the order book with 100k."

Roadmap

Can be found [Insert link here].

"The Open Oracle System is designed to be a foundation that anybody can build on, extend, and improve. The number of Reporters, Posters, and Views can scale over time, as the ecosystem develops."

Usage

Projects that use or built on it

Privacy Method

Their Other Projects

Treasury

"A new defi service designed for institutions. This new service seeks to offer institutions the chance to garner defi-based gains without having to go the extra mile to do so. Compound Labs has partnered with Circle and Fireblocks and allows institutions to register and open a treasury account, where these institutions can wire dollars. Circle offers the conversion services to transform these dollars to USDC while using Fireblocks to keep these assets safe from attacks. Treasury will offer a fixed interest rate of 4% per year on the funds deposited."

The partnership with Fireblocks is interesting, since they had been in the news for losing keys to $75M worth of ETH just a couple days earlier.

Roadmap

  • Can be found [Insert link here].

Counterparty Risks

"Compound Tokens, or cTokens, are a product of the Compound Protocol. They are tokens that are “interest-bearing” meaning that they accrue interest at the current rate stipulated on Compound. Many Sets on TokenSets use cUSDC and some use cDAI.

The main risk associated with cTokens is that if the liquidity pool is overutilized during a rebalance that is exiting a Compound position (such as cUSDC or cDAI), it may be difficult to find the liquidity to successfully complete a rebalance for a cToken-based Set at favorable slippage.

Additionally, buying a Set that contains cUSDC or cDAI also opens up the user to Compound platform risk. For example, if Compound’s smart contracts were to be exploited, hacked, or adversely affected in any way — this could potentially have dire repercussions for any Set that contains cUSDC or cDAI."

Usage

"Compound’s weekly borrowing volume has increased steadily since the beginning of the year. The lending protocol reached new yearly highs earlier this month after hitting $25.54M in borrowing activity across all supported assets. In March, the average weekly volume was $14.7M, up +42.37% from February’s average of $10.3M in loans originated."

"Total supply on Compound is currently at $480 million from 23,000 unique addresses. In the past seven days, approximately $573 million (gross) was added to the protocol [this is after the COMP token went live], in almost 14,000 transactions. This graph shows the increase in the net supply per day, broken down by token. About 42% of this volume was USDT, 27% was USDC, 20% was ETH, and 6% was DAI. Demand for cUSDT on Compound has increased dramatically in the last week, with gross supply rising from $1mm on June 11th to $170mm at the time of publication (source: Compound, Loan Scan).

2,880 COMP tokens are distributed every day (0.5 per Ethereum block) to users of the protocol, proportional to the interest generated in each market. In this graph, you can see the roughly 11,520 total COMP that has been earned across all Compound markets, with 91% of COMP going to USDT suppliers/borrowers. USDT has surpassed ETH to become the largest market on Compound, prompting members of the community to discuss interest rate model updates to other markets such as USDC (source)."

  • From Our Network #33 (7-8-2020):

"The weighted average borrow APY is 3.0% and the average borrow amount is $31,462, which gives us an average interest expense of $1,887 per user."

Projects that use or built on it

  • 88mph; says they "are dependent on the success of other protocols" one of which is this one (25-2-2021).

 Pros and Cons

Pros

  • Used as one of the main building blocks in DeFi.

Cons 

"lending protocol, raised $30m+ in venture funding, allowed < 10 institutions + highly connected angel investors to buy in. Largest incentivised parties that will do work: team, advisors. Why not users? Well because all the COMP that is being earned is being sold back to funds. Individual ownership in COMP will always remain super tiny."

  • When Compound announced its own chain, most reactions were negative, mainly due to it breaking composability and it being PoA. Compound probably already anticipated this and limited the reactions on its Twitter announcement (18-12-2020).

Competitors

  • Aave is mentioned as one, and is also speculated (16-4-2020) to pass Compound. Which it did not much later.
  • From this tweet (6-10-2020):

"Compound currently has 3.6x more outstanding debt issued than Aave. However, TVL in Aave markets is higher, as more assets have been supplied compared to the outstanding debt.

Due to $COMP liquidity mining incentives, much of the activity on Compound revolves around $DAI. By contrast, the distribution of supplied assets is more even on Aave.

$DAI lending rates have historically been slightly higher on Aave than Compound."

Team, Funding, Partners

Team

  • Many public team contributors were identified in Compound Labs' LinkedIn page.
  • Created by Compound Labs which has a team of about 12 members (6-2019)
  • Robert Leshner; CEO, has previous financial experience as a co-chair for San Francisco’s Revenue Bond Oversight Committee
  • Geoffrey Hayes; CTO, worked together with Robert building Postmates and Safe Shepard
  • Calvin Liu; Biz dev & business strategy
  • Jake Chervinksy; General Counsel (expertise on crypto law and policy)
  • HasGauntlet and Reverie as some of their professional delegates (30-11-2022).

Funding

"Compound Raises a $25mil Series A. The Series A was led by popular investors a16z, Paradigm, Bain Capital ventures and Polychain Capital. Compound said it doesn’t have a clear business model yet but this recent raise will give the company plenty of time to sustain itself for now."

Business Model

  • "Compound is unique in the sense that there is no native token required to utilize the platform. As such, it’s interesting to consider the future implementation of something like Binance Coin (BNB) or Nexo Coin (NEXO) which could allow for key actors to gain additional exposure to the protocol’s success."
  • From DeFi Weekly #52 (27-11-2019)

 "In order for Compound to extract fees they're more or less going to have to become regulated which means... KYC! So when/if that happens, Compound's defensibility may go down as liquidity moves away. The reason why I say that is that actors in DeFi don't actually care about the entity providing capital, as long as it provides capital at good rates. We saw this first-hand with Dharma when they started subsidising loan origination. After the subsidies were cut we saw a sharp 40% decline in liquidity. Orders with the P2P loan matching were also present but I wouldn't count it as a large reason. The counter force which Compound is banking on is creating a larger developer community and integrating with more end user applications (exchanges, wallets etc). Since Compound is based in the US and not fully decentralised, they're still under the mercy of the SEC."

Partners

(:

Knowledge empowers all and will help us get closer to the decentralized world we all want to live in!

Making these free wiki pages is fun but takes a lot of effort and time.

If you have enjoyed reading, tips are appreciated :) This will help us to keep expanding this archive of information.

ETH tip address: 0x83460bE5F218b1520B69D702cE60A1DE37dD8E31

Also check out CoinTr.ee for more content.