Emergency Governance - Compound as a Case Study

Purpose - To open up the discussion around emergency powers, time-sensitive governance, and being proactive around maintaining protocol integrity.

Background - The recent Compound.Finance fiasco is due to a Comptroller contract which incorrectly disbursed liquidity mining funds in COMP. This gave several users profiteering opportunities to drain millions of USD worth of COMP tokens, and drained community funds with it. This evolved into a governance issue as 7 days were needed to pass a vote to patch the bug with the current multi-sig scheme, and the community response was to keep the entire thing under hush until the vote finished, according to the Coindesk article.
coindesk article on exploit

How does this affect us?

While the DAO issue is their own, I believe that it is important to recognize this event as an opportunity to reflect on governance structure, both in its current and future state as the DAO continues to evolve and mature with time. And more importantly, how this structure can handle major events like this if it were to ever occur along similar lines.

2 Likes

Not a big fan of timelocks. I understand why they exist and how they are helpful, but in situations where huge amounts of money like this are at stake, they can turn a critical but patchable bug into a protocol-ending fiasco like we’ve seen with COMP.

If a protocol implements a timelock for their upgrades, they should also consider implementing a failsafe such as a multisig with a large # of required signers or a DAO vote to override the timelock. But even then, that may not be fast enough to prevent loss of funds.

1 Like

Hi all,

Interesting topic and definitely a chance to reflect and learn from others' mistakes.

Maybe we should take similar steps like the Aave Guardians, especially if timelocks are involved.

Are the Aave Guardians (gratz btw) Aave’s solution to this? I don’t fully know the scope of those duties, but it seems like a 10-person multisig wallet of trusted community members/PC team would be one potential avenue to quickly react while maintaining decentralization.